BMPSTRING in extensions

Michael Leuchtner Mon, 12 Feb 2007 04:22:51 -0800

Ok, I think I know the structure of the value. When I look at a "microsoft 
style" request samle with the openssl command line tool, I get the following 
output:


...
  362:d=6  hl=2 l=  51 cons: SEQUENCE
  364:d=7  hl=2 l=   9 prim: OBJECT            :1.3.6.1.4.1.311.20.2
  375:d=7  hl=2 l=  38 prim: OCTET STRING
  415:d=3  hl=3 l= 241 cons: SEQUENCE
  418:d=4  hl=2 l=  10 prim: OBJECT            :1.3.6.1.4.1.311.13.2.2
  430:d=4  hl=3 l= 226 cons: SET
  433:d=5  hl=3 l= 223 cons: SEQUENCE
  436:d=6  hl=2 l=   1 prim: INTEGER           :02
  439:d=6  hl=2 l=  78 prim: BMPSTRING
  519:d=6  hl=3 l= 137 prim: BIT STRING
  659:d=1  hl=2 l=  13 cons: SEQUENCE
  661:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
  672:d=2  hl=2 l=   0 prim: NULL
  674:d=1  hl=3 l= 129 prim: BIT STRING
OpenSSL> asn1parse -in testcert.txt -strparse 375
    0:d=0  hl=2 l=  36 prim: BMPSTRING
OpenSSL>

So it seems that I have to add a BMPSTRING as a subfield of the OCTET STRING. 
But how can I do that?!



 
-----Ursprüngliche Nachricht-----
Von: Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED] 
Gesendet: Montag, 12. Februar 2007 12:55
An: openssl-users@openssl.org; Michael Leuchtner
Betreff: 

In message <[EMAIL PROTECTED]> on Mon, 12 Feb 2007 11:34:22 +0100, "Michael 
Leuchtner" <[EMAIL PROTECTED]> said:

mleuchtner> The request to the MS CA needs the "enroll certtype extension" (OID
mleuchtner> 1.3.6.1.4.1.311.20.2) where I put the name of the certificate 
template
mleuchtner> in.
mleuchtner> I've already put the extension in the right place using
mleuchtner> X509_EXTENSION_create_by_NID(), sk_X509_EXTENSION_push() and
mleuchtner> X509_REQ_add_extensions_nid().
mleuchtner> Now the problem is, that the value is inserted as an OCTET STING. 
But I
mleuchtner> want to set it as an BMPSTRING. What ever I tried - the value always
mleuchtner> comes as octet string in my request. The problem seems to be, that 
the
mleuchtner> Extension structure only takes octet strings, so I think, that the
mleuchtner> bmpstring has to set as some kind of subfield?!
mleuchtner> 
mleuchtner> Can anybody tell me how to set an BMPSTRING in my extension?

The way X.509 extensions work, the whole structure of the value
resides in that OCTET STRING.  What you need to figure out is the
structure of the value and how to populate it.  This may mean that you
have to ask Microsoft.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte                         [EMAIL PROTECTED]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

BMPSTRING in extensions

Reply via email to