Re: asn1 encoding routines error: x509_extension, from ssl3_get_server_cert

Tue, 29 Oct 2013 02:55:32 -0700 

typo error

Hello Frank,

Sorry for the delayed reply. You mean to say Openssl  understands S/MIME
Capabilities extension but they is no logic to  handling the ASN1 sequence?


On Tue, Oct 29, 2013 at 3:20 PM, Mithun Kumar <mithunsi...@gmail.com> wrote:

> Hello Frank,
>
> Sorry for the delayed reply. You mean to say S/MIME Capabilities
> understands this extension but they is no logic to  handling the ASN1
> sequence?
>
> -mithun
>
>
> On Wed, Aug 7, 2013 at 1:57 PM, Frank Migge <pub...@frank4dd.com> wrote:
>
>> Dear Mithun,
>>
>> I came across this thread by researching the same question:
>> > > Does openssl support "S/MIME Capabilities" certificate extension?
>>
>> For the following shortened code:
>>
>>      /* display the cert extension list here */
>>      for (i=0; i<sk_X509_EXTENSION_num(ext_list); i++) {
>>         ASN1_OBJECT *obj;
>>         X509_EXTENSION *ext;
>>
>>         ext = sk_X509_EXTENSION_value(ext_list, i);
>>         obj = X509_EXTENSION_get_object(ext);
>>
>>         // ommitting a few fprintf lines of output formatting
>>         i2a_ASN1_OBJECT(outbio, obj);
>>         // ommitting a few fprintf lines of output formatting
>>
>>         if (!X509V3_EXT_print(outbio, ext, 0, 0)) {
>>         /* Some extensions (i.e. LogoType) have no handling    *
>>          * defined, we need to print their content as hex data */
>>           fprintf(cgiOut, "%*s", 0, "");
>>           M_ASN1_OCTET_STRING_print(outbio, ext->value);
>>         }
>>
>> ...used with a CSR having that extension set, I get this output:
>>
>> S/MIME Capabilities
>>
>> 050...*.H.. ......0...*.H.. ......0...+....0 ..*.H.. ..
>>
>> It seems that X509V3_EXT_print() fails to decode, and
>> M_ASN1_OCTET_STRING_print() kicks in to show the raw content.
>>
>> OpenSSL knows about the "S/MIME Capabilities" OID (1.2.840.113549.1.9.15
>> per RFC4262),  but it seems there is no handling for the ASN.1 sequence
>> underneath.
>>
>> There is a related <a href="http://www.mail-archive.com/openssl-
>> us...@openssl.org/msg58514.html">old thread</a> from 2009 with the recipe
>> for manually adding the SMIME Capabilities to openssl.cnf.
>>
>> I hope this helps!
>> Frank
>>
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@openssl.org
>> Automated List Manager                           majord...@openssl.org
>>
>
>

Reply via email to