> Using the following code, I manage to add a lot of extensions to a
> certificate. 
> 
> 
>       X509V3_EXT_METHOD *method;
>       STACK_OF(CONF_VALUE) *nval;
>       int ext_len;
>       unsigned char *ext_der;
>       void *ext_struc;
>       int ext_nid;
>       ASN1_OCTET_STRING *ext_oct;
>       X509_EXTENSION *ext;
> 
>       ext_nid = OBJ_sn2nid(name);
> 
>       method = X509V3_EXT_get_nid(ext_nid);
>       nval = X509V3_parse_list(value);
> 
>       if(method->v2i)
>               ext_struc = method->v2i(method, NULL, nval);
>       else if(method->s2i)
>               ext_struc = method->s2i(method, NULL, value);
>       else if(method->r2i)
>               ext_struc = method->r2i(method, NULL, value);
> 
>       ext_len = method->i2d(ext_struc, NULL);
>       ext_der = (unsigned char *)OPENSSL_malloc(ext_len);
>       p = ext_der;
>       method->i2d(ext_struc, &p);
> 
>       ext_oct = M_ASN1_OCTET_STRING_new();
>       ext_oct->data = ext_der;
>       ext_oct->length = ext_len;
> 
>       ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, 0, ext_oct);
>       M_ASN1_OCTET_STRING_free(ext_oct);
> 
>       X509_add_ext(cert, ext, -1);
> 
> , where "cert" is of type X509. 
> 
> This code works form the folowing values of the variables "name" and
> "value"
> 
> name = "keyUsage", value = "nonRepudiation, digitalSignature,
> keyEncipherment";
> 
> name = "crlDistributionPoints", value = "URI:http://myserver/CRL.asp";
> 
> name = "extendedKeyUsage", value = "serverAuth, emailProtection"
> 
>   The problem is : I'm not being able to add the "authorityKeyIdentifier"
> extension. Does any one knows what the value for the variable "value"
> whould be in this case ? I would really apreciate some help... Thanks !
> 
> ----------------------
> Arthur Wongtschowski
> SCOPUS Tecnologia S.A.
> Seguran�a de Sistemas
> Fone : 55 11 3909-3479
> [EMAIL PROTECTED]
> 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to