On Mon, Feb 20, 2006, Daniel Díaz Sánchez wrote:

> [Sorry for the prior empty mails; I am experiencing some problems with mail]
> 
> Hello,
> 
> I’m implementing some X509 attributes for an OpenSSL-based X509 attribute
> certificates API (will be available when finished). I have some problems
> with one attribute; I don't know if I am implementing it correctly or not, so
> I need help. Let me present the problem: first the definition (by the IETF)
> of the attribute, then the implementation details (declaration and
> implementation) and the piece of code that does not work. I would be
> very grateful for any help.
> 
> -Definition (IETF)
> 
> IetfAttrSyntax ::= SEQUENCE {
>       policyAuthority [0] GeneralNames    OPTIONAL,
>       values          SEQUENCE OF CHOICE {
>           octets    OCTET STRING,
>           oid       OBJECT IDENTIFIER,
>           string    UTF8String
>      }
> }
> 
> -Declaration (.h)
> 
> typedef struct IetfAttrSyntax_st {
>       GENERAL_NAMES *policyAuthority;
>       int type; 
>       union{ 
>               ASN1_OCTET_STRING *octets;
>               ASN1_OBJECT *oid;
>               ASN1_UTF8STRING *string;
>       }values;
> } IetfAttrSyntax;
> 
> DECLARE_ASN1_ITEM(IetfAttrSyntax)
> DECLARE_ASN1_FUNCTIONS(IetfAttrSyntax)
> 
> -Implementation (.c)
> 
> ASN1_CHOICE(IetfAttrValues)= {
>       ASN1_SIMPLE(IetfAttrSyntax ,values.octets , ASN1_OCTET_STRING ),
>       ASN1_SIMPLE(IetfAttrSyntax ,values.oid , ASN1_OBJECT ),
>       ASN1_SIMPLE(IetfAttrSyntax ,values.string , ASN1_UTF8STRING )
> }ASN1_CHOICE_END_selector(IetfAttrSyntax, IetfAttrValues, type);
> 
> ASN1_SEQUENCE(IetfAttrSyntax) = {
>       ASN1_OPT(IetfAttrSyntax, policyAuthority, GENERAL_NAMES, 0),
>       ASN1_EX_COMBINE(0, 0, IetfAttrValues)
> }ASN1_SEQUENCE_END(IetfAttrSyntax);
> 
> IMPLEMENT_ASN1_FUNCTIONS(IetfAttrSyntax)
> IMPLEMENT_ASN1_DUP_FUNCTION(IetfAttrSyntax)
> 
> 

There is an attribute certificate ASN1 module in my "play" area on
openssl.org.

At least one problem is the policyAuthority syntax. The GENERAL_NAMES type is
what is known as an item template and you can't apply modifiers to that, so the
ASN1_OPT line won't work.

Instead you use the GENERAL_NAME type and declare that as a SEQUENCE OF
IMPLICIT, OPT.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
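
The wire format the templates discussed above have to match, as an added example that is not part of either message and not OpenSSL code: under [0] IMPLICIT the SEQUENCE tag of GeneralNames is replaced by 0xA0, so a decoder must peek at the tag to tell an optional policyAuthority from the mandatory values SEQUENCE. The function names and sample bytes are constructed for illustration; the checker handles single-byte tags and lengths of at most two bytes, and validates only the outer shape, not the GeneralName contents.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read one DER tag/length header; returns header size, or 0 if malformed. */
static size_t der_hdr(const uint8_t *p, size_t n, uint8_t *tag, size_t *len)
{
    size_t i = 2, k;
    if (n < 2 || (p[0] & 0x1f) == 0x1f) return 0; /* multi-byte tags unsupported */
    *tag = p[0];
    *len = p[1];
    if (p[1] & 0x80) {                      /* long form: 1 or 2 length bytes */
        k = p[1] & 0x7f;
        if (k == 0 || k > 2 || n < 2 + k) return 0;
        for (*len = 0; k > 0; k--) *len = (*len << 8) | p[i++];
    }
    return (*len <= n - i) ? i : 0;         /* content must fit in the buffer */
}

/* Check the outer shape of a DER IetfAttrSyntax. Returns the number of
   entries in values, or -1 if invalid; *has_pa reports policyAuthority. */
int ietf_attr_check(const uint8_t *der, size_t n, int *has_pa)
{
    uint8_t tag; size_t len, h; int count = 0;
    *has_pa = 0;
    if (!(h = der_hdr(der, n, &tag, &len)) || tag != 0x30 || h + len != n) return -1;
    der += h; n = len;
    if (!(h = der_hdr(der, n, &tag, &len))) return -1;
    if (tag == 0xA0) {                      /* [0] IMPLICIT GeneralNames, OPTIONAL */
        *has_pa = 1;
        der += h + len; n -= h + len;       /* skip its contents unparsed */
        if (!(h = der_hdr(der, n, &tag, &len))) return -1;
    }
    if (tag != 0x30 || h + len != n) return -1; /* values: mandatory, last field */
    der += h; n = len;
    for (; n > 0; count++) {
        if (!(h = der_hdr(der, n, &tag, &len))) return -1;
        if (tag != 0x04 && tag != 0x06 && tag != 0x0C) return -1; /* CHOICE arms */
        der += h + len; n -= h + len;
    }
    return count;
}

/* Constructed samples: no policyAuthority; with it; wrongly tagged as 0x30. */
const uint8_t no_pa[] = {0x30,0x0C,0x30,0x0A,0x06,0x03,0x2A,0x03,0x04,0x0C,0x03,0x67,0x72,0x70};
const uint8_t with_pa[] = {0x30,0x0D,0xA0,0x04,0x82,0x02,0x63,0x61,0x30,0x05,0x04,0x03,0x01,0x02,0x03};
const uint8_t bad_pa[] = {0x30,0x0D,0x30,0x04,0x82,0x02,0x63,0x61,0x30,0x05,0x04,0x03,0x01,0x02,0x03};

int main(void)
{
    int pa, n = ietf_attr_check(with_pa, sizeof with_pa, &pa);
    printf("values=%d policyAuthority=%d\n", n, pa);
    return n < 0;
}
```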