Hello,
I have searched the mailing list archives and cannot seem to find a
specific answer to a very high-level question.
Is there a method for adding (and retrieving) application-specific
attributes to an SSL certificate using OpenSSL?
Specifically, I would like to add a collection of attributes to
certificates that I will be issuing in order to tie a set of application
permissions to each certificate. I have managed to add attributes to
CSRs by creating new OIDs in the openssl config file and filling them in
during CSR creation. Calling:
openssl req -noout -text -in csr.pem
displays the "custom" attributes in the "Attributes:" section of the
text display. However I'm not certain that this is the appropriate way
to achieve this function.
Additionally, I am unsure of how to retrieve these attributes after the
requests have been signed and turned into certificates. Displaying the
certificate using:
openssl x509 -noout -text -in crt.pem
does not display the attributes as they were shown in the CSR.
Any hints, pointers, or (dare I dream to be so lucky) sample code will
be much appreciated.
Thank you,
~brian skrab
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
