Hello Frank,
Sorry for the delayed reply. You mean to say S/MIME Capabilities
understands this extension but they is no logic to handling the ASN1
sequence?
-mithun
On Wed, Aug 7, 2013 at 1:57 PM, Frank Migge <pub...@frank4dd.com> wrote:
> Dear Mithun,
>
> I came across this thread by researching the same question:
> > > Does openssl support "S/MIME Capabilities" certificate extension?
>
> For the following shortened code:
>
> /* display the cert extension list here */
> for (i=0; i<sk_X509_EXTENSION_num(ext_list); i++) {
> ASN1_OBJECT *obj;
> X509_EXTENSION *ext;
>
> ext = sk_X509_EXTENSION_value(ext_list, i);
> obj = X509_EXTENSION_get_object(ext);
>
> // ommitting a few fprintf lines of output formatting
> i2a_ASN1_OBJECT(outbio, obj);
> // ommitting a few fprintf lines of output formatting
>
> if (!X509V3_EXT_print(outbio, ext, 0, 0)) {
> /* Some extensions (i.e. LogoType) have no handling *
> * defined, we need to print their content as hex data */
> fprintf(cgiOut, "%*s", 0, "");
> M_ASN1_OCTET_STRING_print(outbio, ext->value);
> }
>
> ...used with a CSR having that extension set, I get this output:
>
> S/MIME Capabilities
>
> 050...*.H.. ......0...*.H.. ......0...+....0 ..*.H.. ..
>
> It seems that X509V3_EXT_print() fails to decode, and
> M_ASN1_OCTET_STRING_print() kicks in to show the raw content.
>
> OpenSSL knows about the "S/MIME Capabilities" OID (1.2.840.113549.1.9.15
> per RFC4262), but it seems there is no handling for the ASN.1 sequence
> underneath.
>
> There is a related <a href="http://www.mail-archive.com/openssl-
> us...@openssl.org/msg58514.html">old thread</a> from 2009 with the recipe
> for manually adding the SMIME Capabilities to openssl.cnf.
>
> I hope this helps!
> Frank
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>
