Pierre De Boeck wrote:
>
> I would like to add PKI extensions in my certificates
> like AuthorityKeyIdentifier (id-ce 35). I use SslEay v 09.1b
> and it seems that its support for such extensions is incomplete.
>
> Do you know a patch or something like that that supports them
> (and specially their DER encoding/decoding). Otherwise I
> can implement it myself but I hate reinvent the wheel.
>
I'm adding this kind of stuff even as we speak. The latest CVS snapshot
includes support for extensions. This means that the values of
extensions are printed out properly:
Netscape Comment:
THIS IS A TEST CERTIFICATE
X509v3 Extended Key Usage:
2.16.840.1.113733.1.8.1, 2.16.840.1.113730.4.1
X509v3 Basic Constraints:
CA=TRUE, pathlen=10
Netscape Cert Type:
SSL CA, S/MIME CA, Object Signing CA
and they can also be set in config files:
basicConstraints=critical, CA:TRUE, pathlen:10
no more messing around with ca-fix!
The current snapshot includes basic constraints, extended key usage, key
usage and all the Netscape extensions.
I'm currently developing issuer and subject alternative name and next on
the list is subject key identifier and authority key identifier.
Steve.
--
Dr Stephen N. Henson. UK based freelance Cryptographic Consultant.
For info see homepage at http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED]
NOTE NEW (13/12/98) PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
