Hi,

I was trying to find a custom extension using its object identifier (in decimal): "1, 3, 6, 1, 5, 5, 7, 1, 100".

It seems to me that only the CERT_FindCertExtension() function is public. But it takes an integer tag that gets mapped to the actual object identifier. Does it mean that I would need to add my extension (dynamically or in source code) to the existing map of OIDs?

I tried to add my object identifier dynamically:

       static SECOidTag addClientCertOID()
       {
           const unsigned char client_cert[] = { 1, 3, 6, 1, 5, 5, 7, 1, 100 };

           SECOidData clientCertOID = { siDEROID, (unsigned char *)client_cert, sizeof client_cert,
                                        SEC_OID_UNKNOWN, "Client Certificate Usage",
                                        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION };

           SECOID_Init();
           return SECOID_AddEntry(&clientCertOID);
       }
       static SECOidTag OID_CLIENT_CERT = addClientCertOID();

The object identifier gets added but the following call fails to find this extension in the certificate:

       CERT_FindCertExtension(node->cert, OID_CLIENT_CERT, encitem)

After debugging, I found that the SECItem objects that contain the OID from the certificate and the OID corresponding to the OID_CLIENT_CERT tag do not match.

Could anyone please advise me on what format to use when adding an extension using an object identifier or any better way of checking an extension in a certificate?

Thanks!
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
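
Added example, not part of the original post: certificates carry extension OIDs in DER form, and NSS's OID table stores the DER content octets (no tag or length byte), so a byte array holding one decimal arc per byte will not compare equal. The helper below is hypothetical, uses no NSS calls, and shows the encoding for the OID in the post.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not an NSS API): encode OID arcs as DER content
 * octets (no 0x06 tag, no length byte). Returns the number of bytes
 * written, or 0 on invalid input or insufficient space. */
static size_t oid_arcs_to_der(const unsigned long *arcs, size_t n,
                              unsigned char *out, size_t cap)
{
    size_t len = 0, i;

    /* X.690: first arc is 0..2; second arc is 0..39 unless first is 2. */
    if (n < 2 || arcs[0] > 2 || (arcs[0] < 2 && arcs[1] > 39) ||
        arcs[1] > (unsigned long)-1 - 80)   /* 40*a0 + a1 must not wrap */
        return 0;

    for (i = 1; i < n; i++) {
        /* The first two arcs are folded into one value: 40*a0 + a1. */
        unsigned long v = (i == 1) ? arcs[0] * 40 + arcs[1] : arcs[i];
        unsigned char tmp[(sizeof v * 8 + 6) / 7];
        size_t k = 0;

        /* Split into 7-bit groups, least significant group first. */
        do {
            tmp[k++] = (unsigned char)(v & 0x7f);
            v >>= 7;
        } while (v != 0);

        if (k > cap - len)
            return 0;
        /* Emit most significant group first; all but the last set bit 7. */
        while (k > 0) {
            k--;
            out[len++] = (unsigned char)(tmp[k] | (k ? 0x80 : 0x00));
        }
    }
    return len;
}

int main(void)
{
    /* The OID from the post: 1.3.6.1.5.5.7.1.100 */
    const unsigned long arcs[] = { 1, 3, 6, 1, 5, 5, 7, 1, 100 };
    unsigned char der[32];
    size_t i, n = oid_arcs_to_der(arcs, sizeof arcs / sizeof arcs[0], der, sizeof der);

    for (i = 0; i < n; i++)
        printf("0x%02x%s", der[i], i + 1 < n ? ", " : "\n");
    return n == 0;
}
```

The nine arcs encode to eight octets beginning with 0x2b, because the leading "1, 3" pair collapses into a single byte; arcs of 128 or more take multiple bytes.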
