> From: owner-openssl-users On Behalf Of redpath
> Sent: Friday, November 29, 2013 09:42
> To: openssl-users@openssl.org
> Subject: *** Spam *** RE: Adding a custom extension to a CSR
>
> Sample abstract code, you should see this extension in your x509 when you
> use the openssl x509 -in mycsr -text
>
> You have to register an OID, I just picked one at random.
>
>
> os =ASN1_OCTET_STRING_new();
> nid = OBJ_create("1.3.18.0.2.10.8", "myalias", "myaliasname");
> ASN1_OCTET_STRING_set(os, "ABC test", 8);
> ret = X509_EXTENSION_create_by_NID( NULL, nid, 0, os );
> X509_add_ext(x,ret,-1);
>

This actually does a cert (X509) not a CSR (X509_REQ) as asked, but the difference is small, and the OP had that part right already.

More importantly, this does not create an extension value that contains a DER encoding, as required by X.509 and RFC 5280. Some programs may not notice the error: openssl req -text and x509 -text don't by default, but ext_parse does; and some (many?) other programs won't even look at an unknown extension's value. But any program that actually wants this extension, which the OP is presumably accommodating, will probably be unable to use it.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
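
Added example, not part of the original thread and not OpenSSL code: a plain-C structural check of the point made in the reply, that the bytes placed in an extension value must themselves be one DER encoding. The function names and the choice of UTF8String as the inner type are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if buf[0..len) is exactly one DER TLV: single-byte tag,
 * definite length in minimal form, content filling the rest of the buffer. */
int is_single_der_tlv(const unsigned char *buf, size_t len)
{
    size_t pos = 0, clen = 0, n, i;
    if (len < 2) return 0;
    if ((buf[pos++] & 0x1f) == 0x1f) return 0;  /* multi-byte tags not handled here */
    if (buf[pos] < 0x80) {
        clen = buf[pos++];                      /* short form */
    } else {
        n = buf[pos++] & 0x7f;                  /* long form: n length bytes follow */
        if (n == 0 || n > sizeof(size_t) || n > len - pos) return 0; /* 0x80 = indefinite (BER only) */
        if (buf[pos] == 0) return 0;            /* leading zero is not minimal */
        for (i = 0; i < n; i++) clen = (clen << 8) | buf[pos++];
        if (clen < 0x80) return 0;              /* short form was required */
    }
    return clen == len - pos;
}

/* Wrap raw bytes as a DER UTF8String (tag 0x0c); the inner type is an assumption.
 * Returns bytes written, or 0 if n > 0xffff or out is too small. */
size_t der_utf8string(const unsigned char *s, size_t n, unsigned char *out, size_t cap)
{
    size_t hdr = n < 0x80 ? 2 : n < 0x100 ? 3 : 4;
    if (n > 0xffff || cap < hdr + n) return 0;
    out[0] = 0x0c;
    if (hdr == 2) { out[1] = (unsigned char)n; }
    else if (hdr == 3) { out[1] = 0x81; out[2] = (unsigned char)n; }
    else { out[1] = 0x82; out[2] = (unsigned char)(n >> 8); out[3] = (unsigned char)(n & 0xff); }
    memcpy(out + hdr, s, n);
    return hdr + n;
}

int main(void)
{
    const unsigned char raw[] = "ABC test";     /* the 8 bytes set in the quoted code */
    unsigned char der[16];
    size_t dlen = der_utf8string(raw, 8, der, sizeof der);
    printf("raw bytes as extension value: %s\n", is_single_der_tlv(raw, 8) ? "DER" : "not DER");
    printf("UTF8String wrapper (%zu bytes): %s\n", dlen, is_single_der_tlv(der, dlen) ? "DER" : "not DER");
    return 0;
}
```

The raw string fails because its first two bytes read as a tag and a length of 66 with only 6 content bytes following. In the quoted code, the wrapped bytes rather than the raw string are what ASN1_OCTET_STRING_set would need to receive.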