Dear Mithun,
I came across this thread by researching the same question:
> > Does openssl support "S/MIME Capabilities" certificate extension?
For the following shortened code:
/* display the cert extension list here */
for (i=0; i<sk_X509_EXTENSION_num(ext_list); i++) {
ASN1_OBJECT *obj;
X509_EXTENSION *ext;
ext = sk_X509_EXTENSION_value(ext_list, i);
obj = X509_EXTENSION_get_object(ext);
// ommitting a few fprintf lines of output formatting
i2a_ASN1_OBJECT(outbio, obj);
// ommitting a few fprintf lines of output formatting
if (!X509V3_EXT_print(outbio, ext, 0, 0)) {
/* Some extensions (i.e. LogoType) have no handling *
* defined, we need to print their content as hex data */
fprintf(cgiOut, "%*s", 0, "");
M_ASN1_OCTET_STRING_print(outbio, ext->value);
}
...used with a CSR having that extension set, I get this output:
S/MIME Capabilities
050...*.H.. ......0...*.H.. ......0...+....0 ..*.H.. ..
It seems that X509V3_EXT_print() fails to decode, and
M_ASN1_OCTET_STRING_print() kicks in to show the raw content.
OpenSSL knows about the "S/MIME Capabilities" OID (1.2.840.113549.1.9.15
per RFC4262), but it seems there is no handling for the ASN.1 sequence
underneath.
There is a related <a href="http://www.mail-archive.com/openssl-
us...@openssl.org/msg58514.html">old thread</a> from 2009 with the recipe
for manually adding the SMIME Capabilities to openssl.cnf.
I hope this helps!
Frank
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
