> If I want to do this job by standard openssl API, how to accomplish this/A rough sketch would be: // set up context X509V3_set_ctx(...) X509_EXTENSION *ext; // read ext information ext = X509V3_EXT_conf(...) // add extension if (!X509_add_ext(cert, ext, ...) { error output } You need to fill in data structures and details according to your app context.
Thanks. But it seems that I must add my custom information as extension when the certificate is being created. Can I add to the certificate which has already been created ? I found that in X509V3_set_ctx(...) I have to load the CA certificate. If I just know the location of CA certificate, can I accomplish that? On the other hand, after I add extension successfully, I should call X509_get_ext() to fetch the information, shouldn't it? Is its sketch similar? Thanks in advance. Best Regards, Ian ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
