I guess I should have re-read the RFC (again)...  :-(  Sorry everybody....

  Extension  ::=  SEQUENCE  {
       extnID      OBJECT IDENTIFIER,
       critical    BOOLEAN DEFAULT FALSE,
       extnValue   OCTET STRING  }


IE did display the extnValue as expected then. I thought that the extension would appear in a similar format as with validity.


The second question then relates to supplying this extension information, to either the P10 request or the X509 extensions. As it stands right now I edited the openssl.cnf file to include this data - can I do this from the command line when calling 'openssl req' or 'openssl ca'?

Craig.


Dr. Stephen Henson wrote:

On Thu, Aug 05, 2004, Craig Gleadall wrote:



Abdou,
The 04:20 is the DER encoding for an OctetString that is 0x20 bytes long. What I would have expected to happen was my Sequence to be placed right after the DER encoded OID for 2.5.29.16, but alas it is deciding that the DER data that I am providing must be an OctetString.
The problem is when this certificate is imported to IE the extension shows up, but the data is interpreted as an OctetString and not two GeneralizedTimes...





That is the format of *all* extensions. The relevant encoded structure is contained in the extnValue OCTET STRING. Using anything else would violate the standards.

If MSIE doesn't display it that might be because it doesn't support the
extension.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
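
The wrapping discussed in this thread, as an added example that is not part of the original messages or of OpenSSL's code: a minimal Python DER reader unwraps a privateKeyUsagePeriod (2.5.29.16) extension and shows the SEQUENCE of two GeneralizedTimes sitting inside the extnValue OCTET STRING. The sample bytes, the dates and all helper names are constructed here; with 15-character times the wrapper comes out as 04 24 rather than the 04 20 seen in the thread.

```python
def tlv(tag, body):
    """Encode one DER TLV (short-form length only, enough for this sample)."""
    if len(body) >= 0x80:
        raise ValueError("long-form lengths not handled in this sketch")
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos=0):
    """Decode the TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form lengths not handled in this sketch")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos + 2:end], end

def children(value):
    """Split the contents of a constructed value into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_extension(der):
    """Unwrap Extension ::= SEQUENCE { extnID, critical, extnValue }."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    fields = children(body)
    critical = False
    if len(fields) == 3 and fields[1][0] == 0x01:  # BOOLEAN, encoded only when TRUE
        critical = fields[1][1] != b"\x00"
        del fields[1]
    if len(fields) != 2 or fields[0][0] != 0x06 or fields[1][0] != 0x04:
        raise ValueError("expected OID followed by OCTET STRING")
    # The extension's own structure (a SEQUENCE here) is DER-encoded inside the OCTET STRING.
    wrapped = fields[1][1]
    in_tag, in_body, in_end = read_tlv(wrapped)
    if in_end != len(wrapped):
        raise ValueError("trailing bytes inside extnValue")
    return fields[0][1], critical, in_tag, children(in_body)

# Constructed sample: privateKeyUsagePeriod with [0] notBefore and [1] notAfter.
PKUP = tlv(0x30, tlv(0x80, b"20040805000000Z") + tlv(0x81, b"20050805000000Z"))
# 55 1d 10 is the DER body of OID 2.5.29.16.
SAMPLE = tlv(0x30, tlv(0x06, bytes.fromhex("551d10")) + tlv(0x04, PKUP))
```

`parse_extension(SAMPLE)` returns the OID bytes, the criticality flag, the inner tag (0x30) and the two tagged time values, which is the view a certificate viewer needs in order to show the times instead of a raw OCTET STRING.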




