On Fri, Jun 06, 2008, delcour.pierre wrote:

> Hello everyone,
>
> I have a different problem now. I want to add a "X509v3 Authority Key
> Identifier" field in a x509v3 certificate.
> This field must have these three parts :
> - keyid (the keyid of the issuer)
> - dirname (the same string as issuer field)
> - serial (of issuer)
>

Actually that's not true. It must have keyid and/or both dirname and serial. It
is quite acceptable (and a good idea) to just use keyid.

>
> int type = NID_authority_key_identifier;
> char* value =
>     "keyid:A6:40:81:F6:3E:4A:AC:08:E7:76:17:01:91:CD:DF:39:D7:CB:FC:14, "
>     "DirName:O=O, OU=OU, CN=CN/dnQualifier=pkCB9j5KrAjndhcBkc3fOdfL/BQ=, "
>     "serial:01\n"; // here I'm not sure how to write it.
> X509_EXTENSION *ex;
> X509V3_CTX ctx;
> X509V3_set_ctx_nodb(&ctx);
> X509V3_set_ctx(&ctx, _d_cert, _d_cert, NULL, NULL, 0); // self signed
> ex = X509V3_EXT_conf_nid(NULL, &ctx, type, value);
> if (ex == NULL)
>     throw Odici_exception(DEV_NULL_ERR,
>         "Error in Certificate::setV3Extention(), Extensions can't be set");
> X509_add_ext(_d_cert, ex, -1);
> X509_EXTENSION_free(ex); // free temp extension
>
> With this value, if there is no exception thrown, I only have the keyid
> part...
>
> How can I set this extension?

If you really want to have both you need to include the appropriate issuer
certificate in the session context, then it is used automatically if you use
the correct value syntax.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk