In message <[EMAIL PROTECTED]> on Thu, 27 Apr 2006 13:59:59 +0200, "Saurabh Arora" <[EMAIL PROTECTED]> said:

tanish2k> Thank you openssl group for your overwhelming, ZERO help support.

You know, you sent the first mail about 24 hours ago, and you seem to
expect the kind of support you'd normally have to PAY for!  This is a
completely volunteer driven mailing list and help organisation, you
can't expect commercial grade support from people who read and respond
ON THEIR FREE TIME!  Fer crying out loud, man!

If I weren't a kind soul, I'd tell you to sod off at this point, but
you know, I'll try to give you a bit of help instead...

tanish2k> i am trying to add my custom extension under the standard
tanish2k> extension stack. (my company have acquired OIDs)
tanish2k> steps:
tanish2k> - add entries (shortname,longname,nid,oid) in (
tanish2k> objects.h,obj_mac.num)

Don't do that.  Instead, hack at crypto/objects/objects.txt, then do
"make update".  crypto/objects/objects.README will give you some
useful hints as to the syntax.

tanish2k> - for nid, i used the last available nid (>750)

This is done automagically by "make update".

tanish2k> - under [crypto/x509v3] , make a file v3_custom.c and add
tanish2k> the code to get and set values.
tanish2k> - add the corresponding typedef in x509v3.h
tanish2k> - add the entry in ext_dat.h as (extern, X509V3_EXT_METHOD)
tanish2k> ( here i had to add the v3_custom.o in the libcrypto.a
tanish2k> using "ar" utility )

Why not add it in Makefile instead, then things will be much smoother.

tanish2k> - re-build openssl
tanish2k>
tanish2k> -------------------------------------------------------------------------------------------------
tanish2k> - make custom conf file (myopenssl.cnf) and add custom extension in
tanish2k> the section [v3_ca]
tanish2k>
tanish2k> -----------
tanish2k> customExtension = "hello"
tanish2k> -----------
tanish2k>
tanish2k> - now when i make a self-sign certificate
tanish2k>
tanish2k> ---------------
tanish2k> openssl req -new -x509 -key cakey.pem -out cert.pem -config myopenssl.cnf
tanish2k> ---------------
tanish2k>
tanish2k> it gives me the following error :
tanish2k> ---------------
tanish2k> error Loading extension section v3_ca
tanish2k> 11715:error:2207C081:X509 V3 routines:DO_EXT_CONF:unknown
tanish2k> extension:v3_conf.c:128:
tanish2k> 11715:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in
tanish2k> extension:v3_conf.c:92:name=customExtension ,value=hello
tanish2k> ---------------
tanish2k> but when i write the extension value in DER form , as:
tanish2k>
tanish2k> ------------
tanish2k> myopenssl.cnf
tanish2k> [v3_ca]
tanish2k>
tanish2k> customExtension = DER:02:03
tanish2k>
tanish2k> ------------
tanish2k> and now i run the self-sign cert command , it compiles
tanish2k> successfully and i can see my extension in the certificate.

Hmm, sounds like you have implemented the i2r function (or
corresponding) but not the r2i one...

I've been through the exact same struggle a little more than a year
ago, when I implemented the necessary extension for proxy
certificates.  Take a look at v3_pci.c and v3_pcia.c if you wish.
They work.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte                         [EMAIL PROTECTED]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
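
Added example, not part of the original message and not OpenSSL project code: a private extension can also be carried without touching crypto/objects or crypto/x509v3, by naming the OID in an `oid_section` and giving the value in the arbitrary-extension syntax (`ASN1:` or `DER:`), which asks OpenSSL to encode the value generically instead of looking up an X509V3_EXT_METHOD. The OID 1.2.3.4, the subject name and the two function names are placeholders constructed for this example.

```shell
#!/bin/sh
# Build a self-signed CA certificate carrying a private extension that
# OpenSSL has no built-in handler for. Nothing in the library is patched:
# the OID is declared in the config and the value uses the generic syntax.

make_cert_with_custom_ext() {
    workdir=$1
    cat > "$workdir/myopenssl.cnf" <<'EOF'
oid_section = new_oids

[ new_oids ]
# Placeholder name and OID, constructed for this example
customExtension = 1.2.3.4

[ req ]
prompt             = no
distinguished_name = dn
x509_extensions    = v3_ca

[ dn ]
CN = Example Test CA

[ v3_ca ]
basicConstraints = critical, CA:TRUE
# Generic value syntax: OpenSSL DER-encodes a UTF8String holding "hello".
# A bare  customExtension = hello  would instead need a registered
# extension method able to parse config strings.
customExtension  = ASN1:UTF8String:hello
EOF
    openssl req -new -x509 -newkey rsa:2048 -nodes \
        -keyout "$workdir/cakey.pem" -out "$workdir/cert.pem" \
        -days 1 -config "$workdir/myopenssl.cnf" 2>/dev/null
}

# Print the extension as the certificate dump shows it. The short name is
# only known while myopenssl.cnf is loaded, so the dump lists the dotted OID.
show_custom_ext() {
    openssl x509 -in "$1/cert.pem" -noout -text | grep -A1 '1\.2\.3\.4'
}

# Usage: d=$(mktemp -d) && make_cert_with_custom_ext "$d" && show_custom_ext "$d"
```

A relying party that does not recognise the OID ignores the extension unless it is marked critical, in which case validation is expected to fail.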