Dear participators,

trying to add some x509v3 extension awareness to openssl
we've become a bit short for solutions.

x509 extensions are as versatile as asn1 permits. As extension
to certificates there is an object id and a critical flag
followed by whatsoever.

If it comes to unknown oids at least the asn1parser comes short
for the structure and uses an OCTET_STRING replacement.

My question is: how may one implement an extension to make
openssl aware of yet unknown structures?

The idea was to use the asn1 template classes together with
appropriate structures.

Given the case of following asn1 definition:

> ValidityModel::= SEQUENCE
> {
>     validityModelId    OBJECT IDENTIFIER
>     validityModelInfo   ANY DEFINED BY validityModelId OPTIONAL
> }

I've tried some variations of the structure:

> typedef struct X509ValidityModelInfo_st {
>       STACK_OF(ASN1_OBJECT) *info;
> } X509VALIDITYMODELINFO;
> 
> DECLARE_ASN1_ITEM(X509VALIDITYMODELINFO)
> DECLARE_ASN1_FUNCTIONS(X509VALIDITYMODELINFO)

together with the following code snippet

> ASN1_SEQUENCE(X509VALIDITYMODELINFO) = {
>   ASN1_SET_OF(X509VALIDITYMODELINFO, info, ASN1_OBJECT),
> } ASN1_SEQUENCE_END(X509VALIDITYMODELINFO)
> 
> IMPLEMENT_ASN1_FUNCTIONS(X509VALIDITYMODELINFO)
>
>   int nid = OBJ_txt2nid("id-validityModel");
>   int index = X509_get_ext_by_NID(cert, nid, -1);
>   X509_EXTENSION *ext = X509_get_ext(cert, index);
> 
>   if (ext) 
>   {
>     ASN1_OCTET_STRING *os = X509_EXTENSION_get_data(ext); // OK so far...
>     const unsigned char *p = os->data;
>     X509VALIDITYMODELINFO *mi = d2i_X509VALIDITYMODELINFO(NULL, &p, os->length);
>  ...

never fetches a result. Surely there may be some mistakes, but I've tried more
than one variation, even with debugging sessions. 

Sorry, I can't see anything. 
BTW: Source is of Version 0.9.8g running with W2K compiled with VC8 express.

Does any of you have an idea or a hint? A good example could be excellent.

TIA
---
Christian
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
