Seems I do something wrong when I create/convert my BMPSTRING. When I create my certificate request I always get an octet string value (FD FD FD FD AB AB AB AB AB AB AB AB) but no embedded bmpstring. Strange thing is, when I alter the string ("myTemplate") to another string (of the same length) the octet value (FD FD ...) doesn't change. What's wrong?

Here's my code:

    ...
    char* t = "myTemplate";
    nid = OBJ_create("1.3.6.1.4.1.311.20.2", "szOID_ENROLL_CERTTYPE_EXTENSION", "szOID_ENROLL_CERTTYPE_EXTENSION");
    ASN1_BMPSTRING* str = ASN1_BMPSTRING_new();
    ASN1_STRING_set(str, (unsigned char*)t, strlen(t));
    int size = i2d_ASN1_BMPSTRING(str, NULL);
    unsigned char *oStr = (unsigned char*)malloc(size);
    i2d_ASN1_BMPSTRING(str, &oStr);
    ASN1_OCTET_STRING *aos = ASN1_OCTET_STRING_new();
    ASN1_STRING_set(aos, oStr, size);
    ext = X509_EXTENSION_create_by_NID(NULL, nid, 0, aos);
    sk_X509_EXTENSION_push(exts, ext);
    ...

Thanks!
Michael

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Monday, 12 February 2007 13:43
To: openssl-users@openssl.org
Subject: Re: BMPSTRING in extensions

On Mon, Feb 12, 2007, Michael Leuchtner wrote:

> Ok, I think I know the structure of the value. When I look at a "microsoft
> style" request sample with the openssl command line tool, I get the following
> output:
>
> ...
> 362:d=6 hl=2 l= 51 cons: SEQUENCE
> 364:d=7 hl=2 l= 9 prim: OBJECT :1.3.6.1.4.1.311.20.2
> 375:d=7 hl=2 l= 38 prim: OCTET STRING
> 415:d=3 hl=3 l= 241 cons: SEQUENCE
> 418:d=4 hl=2 l= 10 prim: OBJECT :1.3.6.1.4.1.311.13.2.2
> 430:d=4 hl=3 l= 226 cons: SET
> 433:d=5 hl=3 l= 223 cons: SEQUENCE
> 436:d=6 hl=2 l= 1 prim: INTEGER :02
> 439:d=6 hl=2 l= 78 prim: BMPSTRING
> 519:d=6 hl=3 l= 137 prim: BIT STRING
> 659:d=1 hl=2 l= 13 cons: SEQUENCE
> 661:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
> 672:d=2 hl=2 l= 0 prim: NULL
> 674:d=1 hl=3 l= 129 prim: BIT STRING
> OpenSSL> asn1parse -in testcert.txt -strparse 375
> 0:d=0 hl=2 l= 36 prim: BMPSTRING
> OpenSSL>
>
> So it seems that I have to add a BMPSTRING as a subfield of the OCTET STRING.
> But how can I do that?!
>

Create a BMPSTRING, generate its encoding with i2d_BMPSTRING and make that the
content of the OCTET STRING.

If you are using the file based extension functions in OpenSSL you can make
use of its mini-ASN1 compiler to achieve the same result.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
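
Added example, not code from the thread or from OpenSSL: a dependency-free C encoder that produces the bytes the quoted asn1parse layout implies (an OCTET STRING whose content is a DER BMPSTRING), so the output can be compared byte for byte with what a program puts into its request. The helper names are hypothetical. Two facts it relies on: BMPSTRING content is two bytes per character, high byte first, and the i2d_* functions advance the output pointer they are handed, so the saved start of the buffer is what has to be passed on afterwards.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TAG_OCTET_STRING 0x04
#define TAG_BMPSTRING    0x1E

/* Write a DER tag plus definite length (short or long form); returns header size. */
static size_t der_header(uint8_t *out, uint8_t tag, size_t len)
{
    size_t n = 0, nlen = 0, tmp;
    out[n++] = tag;
    if (len < 0x80) { out[n++] = (uint8_t)len; return n; }
    for (tmp = len; tmp; tmp >>= 8) nlen++;
    out[n++] = (uint8_t)(0x80 | nlen);
    while (nlen--) out[n++] = (uint8_t)(len >> (8 * nlen));
    return n;
}

/* Wrap `len` content bytes in a TLV with the given tag; returns total size, 0 if `out` is too small. */
size_t der_wrap(uint8_t tag, const uint8_t *content, size_t len, uint8_t *out, size_t cap)
{
    uint8_t hdr[2 + sizeof(size_t)];
    size_t n = der_header(hdr, tag, len);
    if (n + len > cap) return 0;
    memcpy(out, hdr, n);
    memcpy(out + n, content, len);
    return n + len;
}

/* ASCII name -> DER BMPSTRING: each character becomes two bytes, high byte first. */
size_t encode_bmpstring(const char *ascii, uint8_t *out, size_t cap)
{
    uint8_t ucs2[256];
    size_t chars = strlen(ascii), i;
    if (chars * 2 > sizeof ucs2) return 0;
    for (i = 0; i < chars; i++) {
        if ((unsigned char)ascii[i] > 0x7F) return 0;  /* ASCII only in this sketch */
        ucs2[2 * i] = 0x00;
        ucs2[2 * i + 1] = (uint8_t)ascii[i];
    }
    return der_wrap(TAG_BMPSTRING, ucs2, chars * 2, out, cap);
}

int main(void)
{
    uint8_t inner[300], outer[304];
    size_t n = encode_bmpstring("myTemplate", inner, sizeof inner); /* name from the post */
    size_t m = der_wrap(TAG_OCTET_STRING, inner, n, outer, sizeof outer);
    for (size_t i = 0; i < m; i++) printf("%02X%c", outer[i], i + 1 < m ? ' ' : '\n');
    return 0;
}
```

An 18-character name gives the sizes seen in the quoted dump: BMPSTRING l=36 inside OCTET STRING l=38.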