On Sat, Jan 18, 2014, Graham Leggett wrote:

> Some more digging and I still can't find how openssl parses extensions.
>
> Reverse engineering the code, it appears that ASN1_generate_v3() expects to
> be passed a parameter string that is a name value pair separated with a
> colon, which the string "nonRepudiation" isn't.
>
> I tried passing the string "OID:1.3.6.1.5.5.7.3.2" for the extendedKeyUsage
> extension, and ASN1_generate_v3() goes through the motions, but the client
> side complains that the extendedKeyUsage value in the generated certificate
> is invalid.
>
> Can anyone explain what the correct sequence of API calls should be to
> convert "nonRepudiation" and "clientAuth" into something that openssl can
> add as an extension to a certificate?
>
Have a look at demos/x509/mkcert.c

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org