Re: question about adding custom extensions

dobos_s Tue, 13 Feb 2001 07:59:24 -0800

Here is my question in detail:

I want to create certificates, where the subject/issuer is:
     abc=xyz123,cn=BlaBla,cn=MoreBlaBla,dc=some,dc=where

I want that the certificate holds some more values (in extension?):
     def3=qwe

I have OIDs for abc,def3, other attributes (cn,dc) are x500 standards.
They have x500 syntax:
     1.3.6.1.4.1.1466.115.121.1.5
     1.3.6.1.4.1.1466.115.121.1.12
     1.3.6.1.4.1.1466.115.121.1.15
     1.3.6.1.4.1.1466.115.121.1.27

How can I create such certificate?
How can I retrieve information from such a certificate? (subject=? issuer=?
def3=?)

Cly




                                                                                       
                                    
                    Dr S N Henson                                                      
                                    
                    <[EMAIL PROTECTED]>            To:     [EMAIL PROTECTED]     
                                    
                    Sent by:                     cc:                                   
                                    
                    owner-openssl-users@o        Subject:     Re: question about 
adding custom extensions                  
                    penssl.org                                                         
                                    
                                                                                       
                                    
                                                                                       
                                    
                    2001.02.13 15:15                                                   
                                    
                    Please respond to                                                  
                                    
                    openssl-users                                                      
                                    
                                                                                       
                                    
                                                                                       
                                    



[EMAIL PROTECTED] wrote:
>
> Hi!
>
> I want to add some custom extensions to a certificate.
> I found something in openssl.txt, but it is to few for me :-)
>
> So I have an oid, a name and a value.
> I dont want to use config files.
> How can I add this extension to a certificate?
>

It depends what the "value" actually is. If its the DER encoding then
you can add that easily enough using the X509_EXTENSION routines. If
however its some ASCII representation of a complex structure and nothing
equivalent already exists then things are much harder. You have to
create custom ASN1 encode and decode routines and optionally functions
to set and print the value.

Steve.
--
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: question about adding custom extensions

Reply via email to
