Thank you both for your helpful comments, I used i2d_ASN1_OCTET_STRING now before including the data into the certificate.
Is there any way to tell the OpenSSL x509 command line tool to display these in a hex representation so they are human readable when we'd like to inspect a certificate? Cheers, Chris On 06/08/2010 02:06 PM, Dr. Stephen Henson wrote: > On Tue, Jun 08, 2010, Bruce Stephens wrote: > > >> decoder <deco...@own-hero.net> writes: >> >> [...] >> >> >>> Ok, so what I am currently doing is something like >>> >>> asndata = ASN1_OCTET_STRING_new(); >>> ASN1_OCTET_STRING_set(asndata, myData, myLength); >>> >>> and then I add asndata to an extension I create: >>> >>> ex = X509_EXTENSION_create_by_NID( NULL, nid, 0, asndata ); >>> >>> >>> In the one case, myData was the hex encoded data, in the other case it >>> was my raw binary data. >>> >>> Is the DER encoding included here and if not, how can I add it for the >>> raw data? >>> >> I think it's not. OpenSSL seems fine with the result, though, so >> perhaps you'll be OK. >> >> > OpenSSL is fine with including raw data in an extension but it is technically > illegal so added an encoded OCTET STRING in there is advisable. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
smime.p7s
Description: S/MIME Cryptographic Signature
