If you look here: https://www.openssl.org/docs/man1.1.0/man3/X509_NAME_ENTRY_get_data.html
It states: *X509_NAME_ENTRY_get_data() retrieves the field value of ne in and ASN1_STRING structure.* Unfortunately this does not work for any non-string X.500 attributes such as x500UniqueIdentifer which is defined as an ASN.1 BIT STRING. I am only looking to fix in OpenSSL 1.1.1, what was previously working in all older versions of OpenSSL all the way back to 0.9.7 which included a way to support non-string attributes in X509_NAME_ENTRY. Thanks. Lisa. On Mon, 17 Jun 2019 at 22:37, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote: > On Mon, Jun 17, 2019 at 09:19:41PM -0700, Lisa Matias wrote: > > > X509_NAME_ENTRY *nameEntry; > > nameEntry = X509_NAME_ENTRY_create_by_NID (&nameEntry, nid, > > derTagToVType (tag), buffer, bufferLength); > > *nameEntry->value->flags = specifiedFlags;* > > Can you be a bit more explicit about why you need to do this? > What flags do you intend to set and why? > > That said, you can use: > > ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); > > to get the ASN1_STRING holding the value, and since ASN1_STRINGs > are not opaque types, you can just use: > > value->flags = ... > > asuming that's a sensible thing to do. You may however be straying > into undocumented behaviour, and so it might be good to know whether > perhaps there's a better way of getting the result you actually want. > > -- > Viktor. >
