Hi Patrick, all,

thanks for correcting my assumptions.

Thus wrote Eisenacher, Patrick (patrick.eisenac...@bdr.de):

> That line only defines the label "testoid1" and assigns the value
> "1.2.3.4".

> To use a private oid, you have to define its asn1 structure first.
> Afterwards you can include it in your request or certificate by
> referencing it in the appropriate config file section. If you defined
> a label, you can reference it by that name, otherwise you just use the
> dotted notation.

> > Amongst my first questions is, when you add OIDs in this manner are
> > you able to use the command line tool to supply values or does this
> > require programmatic construction of certificates? (There's obviously
> > the further question if yes of how the data is typed.)

> Yes, of course those defines are picked up by the commandline tools.

Now I understand that the oid definitions in the config file are not
just used internally (for defining extensions etc) but they're picked up
by the command line tools.

Is it correct that only req and ca use the oid definitions and others
like x509 don't?

I generated a certificate request and a test certificate with an
extension that has the oid 1.2.3.4 and defined

[ new_oids ]
myNewLabel = 1.2.3.4

in openssl.cnf


openssl req -in myReq.pem -noout -text
shows the name myNewLabel when it displays the extension

openssl x509 -in myCert.pem -noout -text
shows only the numeric representation. In this case, I'd really need to
modify the sources to make openssl display the name.


Is my understanding correct or am I missing something?

Thanks,

   Martin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
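
The `[ new_oids ]` setup discussed in this message, as an added example that is not part of the original mail or of OpenSSL's own files: it builds a request whose extension is referenced by the label `myNewLabel`, then displays it with `openssl req` once with and once without the label defined. File names, the subject CN and the extension value are constructed, and an `openssl` binary on PATH is assumed.

```shell
#!/bin/sh
# Added example; file names, CN and extension value are constructed.
# Assumes an `openssl` binary on PATH.

# Write two configs and a request carrying a private extension into dir $1.
build_request() {
    cat > "$1/with_oid.cnf" <<'EOF'
oid_section = new_oids

[ new_oids ]
myNewLabel = 1.2.3.4

[ req ]
distinguished_name = dn
req_extensions = req_ext
prompt = no

[ dn ]
CN = oid-test.example

[ req_ext ]
# Private extension referenced by its label, value typed as a UTF8String.
myNewLabel = ASN1:UTF8String:constructed sample value
EOF
    # A config with no new_oids section, used only for display.
    printf '[ req ]\nprompt = no\n' > "$1/without_oid.cnf"
    openssl req -new -newkey rsa:2048 -nodes -config "$1/with_oid.cnf" \
        -keyout "$1/key.pem" -out "$1/req.pem" 2>/dev/null
}

# Print the name `openssl req -text` shows for the first requested
# extension of request $2 when it is displayed using config $1.
shown_extension_name() {
    openssl req -in "$2" -noout -text -config "$1" |
        awk '/Requested Extensions:/ { getline; sub(/^ +/, ""); sub(/: *$/, ""); print; exit }'
}

# Run as "sh script.sh demo" to see both displays side by side.
if [ "${1:-}" = "demo" ]; then
    work=$(mktemp -d) && build_request "$work" || exit 1
    echo "label defined:     $(shown_extension_name "$work/with_oid.cnf" "$work/req.pem")"
    echo "label not defined: $(shown_extension_name "$work/without_oid.cnf" "$work/req.pem")"
    rm -rf "$work"
fi
```
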