On Wed, Jan 09, 2008, [EMAIL PROTECTED] wrote: > Hi, > > I wrote one C program to read the X509 certificate using OPENSSL > functions. > And I was trying access the different extensions and their values from > certificate. > First I am getting the NID of the extension using the below function. > > ----------------------- > nid=OBJ_sn2nid(trimmedExtensionName); > ----------------------- > > After getting the NID and am retrieving the value of the extension using > the above NID > > The problem is if I give the name of the extension given as in the > certificate, the OBJ_sn2nid function is throwing NULL value that means > it is unable to find the extension. > > If I write the same extension name which is given in the obj_mac.h then > the function is returning the value. > > For example if I am trying to retrieve the value of the > subjectalternativename from the certificate. In the certificate this > extension name is written as "SubjectAlternativeName" where as in the > obj_mac.h it is there as "subjectAltName". If I pass this value then I > am getting the correct result. > > At the sametime all the extensions in the certificate are not present in > the > obj_mac.h. > > What is the link between this function and obj_mac.h? > > Can I add any extensions to this file obj_mac.h? > If yes How to give the number of the NID? >
An object has two human readable strings associated with it a "short name" and a "long name". The short name as its name implies is shorter and rarely includes spaces, it is meant to be a brief description which can be included in things like configuration files as well. The long name is more descriptive and reabale. That version is used in the textual output of certificates. You can use OBJ_sn2nid() for the short name and OBJ_ln2nid() for the long name. You can also use OBJ_txt2nid() to look at both forms and the dotted numerical format. If you want to add objects you can edit objects.txt but that is not recommended because the new values will clash with future versions of OpenSSL. You can programmatically add new objects with OBJ_create(). However you wont be able to use those with extensions because additional functionality is needed to encode and decode them. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
