Hi all,
I'm trying to add the x500UniqueIdentifier attrib to a cert request,
and/or at the signing stage, but am not having success. Using 0.9.8c,
the [x509_extensions] attrib:
x500UniqueIdentifier = 'foo'
causes:
Error Loading extension section local_ca_extensions
1972:error:0E06D06C:configuration file routines:NCONF_get_string:no value:.\crypto\conf\conf_lib.c:329:group=local_ca name=email_in_dn
1972:error:22097081:X509 V3 routines:DO_EXT_NCONF:unknown extension:.\crypto\x509v3\v3_conf.c:129:
1972:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:.\crypto\x509v3\v3_conf.c:93:name=x500UniqueIdentifier, value=foo
Apparently this is just because in my build I do not have an OID/name
mapping for x500UniqueIdentifier (also tried uniqueIdentifier), however
manually entered OID values (1.2.3 etc) also are not accepted.
My questions are:
1) Is there a doc that describes how to add custom attributes?
2) Why would x500UniqueIdentifier and uniqueIdentifier not be present in
0.9.8, or am I just misplacing the attrib?
3) Has anyone also embedded logos (RFC 3709), useful (someday) for
client certs, like for signing and authentication? Also apparently
useful in server certs.
Also, trying to add custom OIDs as per http://www.mail-archive.com/openssl-dev@openssl.org/msg03558.html , I get:
problem creating object shortName=some object long name,
1.2.3.4
1832:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:.\crypto\asn1\a_object.c:108:
Another gentleman (Simon McMahon) reported the same thing in an email on Thu, Aug 31, 2006, so is this a known bug?
Thank you very much,
Ken