On Mon, Apr 20, 2015 at 01:57:47PM +0000, Salz, Rich wrote:
> > How do we use `openssl req` and a CONF file to add the information
> > (assuming we already have the certified timestamps)?
>
> Ouch, that's gonna be nasty. Look at ASN1_generate_nconf.pod Most likely
> have to use the SEQUENCE type, recursively. Ouch indeed.
>
> A patch to let you specify the DER directly would be useful.
No patch required:
http://web.mit.edu/crypto/openssl.cnf
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
--
Viktor.
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
