Re: How to set my custom information in certificate

Fri, 13 Jul 2007 02:17:15 -0700 

Hi,

I built a test code to fetch the custom information from X509_add_ext().

The test codes are as following:

----------------  codes for fetching extension --------

static char *get_distribution_point(X509 *cert) {
 int                   extcount, i, j;
 const char            *extstr;
 CONF_VALUE            *nval;
 unsigned char         *data;
 X509_EXTENSION        *ext;
 X509V3_EXT_METHOD     *meth;
 STACK_OF(CONF_VALUE)  *val;
 void                   *ext_str = NULL;

 if ((extcount = X509_get_ext_count(cert)) > 0) {
   for (i = 0; i < extcount; i++) {
     ext = X509_get_ext(cert, i);
     extstr = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(ext)));
        
     if (strcasecmp(extstr, "proxyCertInfo"))
     {
        printf("ext string is : %s\n",extstr);
        continue;
        }

     if (!(meth = X509V3_EXT_get(ext))) break;
     data = ext->value->data;
//      val = meth->i2v(meth, meth->d2i(0, &data, ext->value->length), 0);
#if (OPENSSL_VERSION_NUMBER > 0x00907000L)
        if (meth->it)
        ext_str = ASN1_item_d2i(NULL, &data, ext->value->length,
        ASN1_ITEM_ptr(meth->it));
        else
        ext_str = meth->d2i(NULL, &data, ext->value->length);
#else
        ext_str = meth->d2i(NULL, &data, ext->value->length);
#endif
        val = meth->i2v(meth, ext_str, NULL);
     for (j = 0;  j < sk_CONF_VALUE_num(val);  j++) {
       nval = sk_CONF_VALUE_value(val, j);
       if (!strcasecmp(nval->name, "URI"))
         return strdup(nval->value);
     }
   }
 }
 return 0;
}
--------------------------------------------------------------------

The codes above  is to get the value from extension section of
certificate. However, no matter how I try to run the code, it alway
threw out a segmentation fault. The segfault error occurred in the
line:

val = meth->i2v(meth, ext_str, NULL);

I have no idea what is wrong with it.

Could anybody give me some advice?

Thank in advance.

Best Regards,

Ian


On 7/13/07, Ian jonhson <[EMAIL PROTECTED]> wrote:

> No.  Once the certificate has been signed it's done.  If you want
> to change anything you have to resign (recreate) it.
>

OK, then how to fetch the custom information? Is it same as the sketch
but using X509_get_ext()?


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to