Hello everyone,
I would like to add an extension to an X509v3 certificate.
I wrote:
#include <openssl/x509.h>
#include <openssl/objects.h>
#include <openssl/asn1.h>
#include <iostream>
#include <cstring>

void Addmyextension(X509* cert, int nid, char* value, bool crit)
{
    X509_EXTENSION* ex = X509_EXTENSION_new(); // ex->value is allocated as an empty ASN1_OCTET_STRING
    ex->object = OBJ_nid2obj(nid);
    ex->critical = crit ? 0xff : -1; // Question 1
    ASN1_STRING_set(ex->value, value, strlen(value)); // Question 2: copies the raw bytes of value
    X509_add_ext(cert, ex, -1); // appends a copy of ex to the certificate
    cout << " A :" << toHex(ex->value->data) << endl;
    X509_EXTENSION_free(ex); // the certificate keeps its own copy
}
Question 1:
Are 0xff and -1 good values for the critical state? I found these in
x509_v3.c line 240...
Question 2:
I don't think this line is good.
When I set the same text as I found in another extension, I don't get the
same value in the ASN1_STRING:
    STACK_OF(X509_EXTENSION) *sk_ext = cert->cert_info->extensions;
    X509_EXTENSION *ex2 = sk_X509_EXTENSION_value(sk_ext, 1);
    cout << "B :" << toHex(ex2->value->data) << endl;
I get:
A :43413A54525545
B :30030101FF
But these values must be the same (value = "CA:TRUE", A is the hexadecimal
code of this char*). So I think my Addmyextension is not good.
I have a get function to convert the stack of extensions to a map. I
think I must create a similar function (which probably uses BIO) to set
an extension.
map<int,string> Certificate::getV3ext()
{
    map<int,string> extension;
    // the BIO is used to read the text of each X509_EXTENSION in this case
    // (like a stream in C++)
    BIO *bio = BIO_new(BIO_s_mem());
    int i, len, n = X509_get_ext_count(_d_cert);
    char buffer[BUFFER_SIZE];
    X509_EXTENSION *ex;
    for (i = 0; i < n; i++) // for each extension found
    {
        string text = "";
        ex = X509_get_ext(_d_cert, i); // get the extension
        int type = OBJ_obj2nid(ex->object); // convert its OID to an integer NID
        cout << "type " << type << " " << string(OBJ_nid2ln(type)) << endl;
        if (X509_EXTENSION_get_critical(ex)) // if critical
            text = CRITICAL_TEXTE; // add the "critical, " text to the string
        if (!X509V3_EXT_print(bio, ex, 0, 0)) // print the text of this extension
            M_ASN1_OCTET_STRING_print(bio, ex->value); // unknown type: dump the raw octets
        len = BIO_read(bio, buffer, BUFFER_SIZE - 1); // leave room for the terminator
        if (len < 0) // BIO_read reports "nothing to read" as 0 or -1
            len = 0;
        buffer[len] = '\0'; // add the terminating NUL
        text += buffer; // add the text that was read to the string
        extension.insert(make_pair(type, text)); // put it in the map
    }
    BIO_free(bio); // free the bio "stream"
    return extension; // return the map
}
But I can't find how to use the BIO feature to add an extension.
Thanks in advance,
pierre delcour
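As an added example (not part of the original post and not OpenSSL code), the following hand-rolled DER encoder/decoder shows why value B above is 30030101FF: the extension value stored in a certificate is the DER encoding of the ASN.1 BasicConstraints structure, not the bytes of the text "CA:TRUE". OpenSSL performs that conversion itself when the extension is created from its text form with X509V3_EXT_conf_nid(); writing the text into the ASN1_STRING skips it. The function names der_basic_constraints, der_extension, der_basic_constraints_is_ca and to_hex are my own, the OID bytes are those of id-ce-basicConstraints (2.5.29.19), and the encoder is restricted to short-form lengths, which is all this extension needs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a minimal DER encoder/decoder for the basicConstraints
 * extension (RFC 5280 4.2.1.9). It is not OpenSSL code; OpenSSL produces the
 * same bytes from the text "CA:TRUE" inside X509V3_EXT_conf_nid(). */

/* Append one TLV with a short-form length (payload below 128 bytes),
 * returning the number of bytes written. */
static size_t der_put(uint8_t *out, uint8_t tag, const uint8_t *body, size_t len)
{
    out[0] = tag;
    out[1] = (uint8_t)len;
    memcpy(out + 2, body, len);
    return 2 + len;
}

/* BasicConstraints ::= SEQUENCE {
 *     cA                BOOLEAN DEFAULT FALSE,
 *     pathLenConstraint INTEGER (0..MAX) OPTIONAL }
 * DER omits cA when it is FALSE (the DEFAULT) and pathLen when path_len < 0.
 * out needs at least 8 bytes for path_len < 128. */
size_t der_basic_constraints(uint8_t *out, int ca, int path_len)
{
    uint8_t body[6];
    size_t n = 0;
    if (ca) {
        const uint8_t t = 0xFF;            /* DER BOOLEAN TRUE is exactly 0xFF */
        n += der_put(body + n, 0x01, &t, 1);
    }
    if (path_len >= 0 && path_len < 128) { /* one-byte non-negative INTEGER */
        const uint8_t p = (uint8_t)path_len;
        n += der_put(body + n, 0x02, &p, 1);
    }
    return der_put(out, 0x30, body, n);    /* SEQUENCE */
}

/* Extension ::= SEQUENCE {
 *     extnID    OBJECT IDENTIFIER,
 *     critical  BOOLEAN DEFAULT FALSE,
 *     extnValue OCTET STRING }
 * extnValue carries the already DER-encoded extension body from above. */
size_t der_extension(uint8_t *out, const uint8_t *oid, size_t oid_len,
                     int critical, const uint8_t *value, size_t value_len)
{
    uint8_t body[64];
    size_t n = 0;
    n += der_put(body + n, 0x06, oid, oid_len);
    if (critical) {
        const uint8_t t = 0xFF;
        n += der_put(body + n, 0x01, &t, 1);
    }
    n += der_put(body + n, 0x04, value, value_len);
    return der_put(out, 0x30, body, n);
}

/* Strict decoder for the cA flag: 1 = CA, 0 = not a CA, -1 = malformed.
 * A BOOLEAN TRUE that is not 0xFF is rejected, as DER requires. */
int der_basic_constraints_is_ca(const uint8_t *der, size_t len)
{
    if (len < 2 || der[0] != 0x30 || der[1] != len - 2)
        return -1;
    if (len == 2)
        return 0;                          /* empty SEQUENCE: cA absent, so FALSE */
    if (der[2] == 0x01) {                  /* cA BOOLEAN is present */
        if (len < 5 || der[3] != 0x01)
            return -1;
        return der[4] == 0xFF ? 1 : -1;
    }
    return 0;                              /* only pathLenConstraint present */
}

/* Uppercase hex, the same shape as the post's toHex() output. */
void to_hex(const uint8_t *buf, size_t len, char *out)
{
    static const char digits[] = "0123456789ABCDEF";
    size_t i;
    for (i = 0; i < len; i++) {
        out[2 * i]     = digits[buf[i] >> 4];
        out[2 * i + 1] = digits[buf[i] & 0x0F];
    }
    out[2 * len] = '\0';
}

int main(void)
{
    /* 2.5.29.19 id-ce-basicConstraints, already in OID content-octet form */
    static const uint8_t oid_bc[] = { 0x55, 0x1D, 0x13 };
    uint8_t bc[8], ext[32];
    char hex[80];

    size_t bc_len = der_basic_constraints(bc, 1, -1);
    to_hex(bc, bc_len, hex);
    printf("extnValue body : %s\n", hex);  /* 30030101FF, the post's value B */

    size_t ext_len = der_extension(ext, oid_bc, sizeof oid_bc, 1, bc, bc_len);
    to_hex(ext, ext_len, hex);
    printf("whole Extension: %s\n", hex);
    return 0;
}
```

The decoder is deliberately strict: when reading basicConstraints out of a certificate you are about to trust as a CA, a non-DER BOOLEAN or a length that does not match the SEQUENCE should be treated as malformed rather than guessed at, which is what the -1 return signals.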
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]