Re: [PATCH] Undefined identifiers in objects.txt

Thu, 04 Apr 2002 10:24:29 -0800 

From: Svenning Sorensen <[EMAIL PROTECTED]>

sss> I was in for a surprise when I added some custom objects into objects.txt.
sss> 
sss> Since I wanted to use our private enterprises OIDs, I used the form:
sss> 
sss> enterprises 1527 1 : myobj         : My Object
sss> 
sss> (same form as the dcObject already in there)
sss> However, "enterprises" is undefined, so my object ended up at the root
sss> (i.e. 1527.1 instead of 1.3.6.1.4.1.1527.1) without a warning.

To be perfectly honest, I think you're dong this the wrong way.  I
assume you're using the openssl command to do stuff, and in the case,
the right thing is to have the desired extra OIDs in openssl.cnf.
Here's an example from my toy CA (this chunk is placed at the
beginning of the file):

----------8<----------
oid_section             = new_oids

#...

[ new_oids ]

LP=1.3.6.1.4.1.5168
LPpolicies=${LP}.1
LPpolicies_noAssurance=${LPpolicies}.1
LPpolicies_rudimentaryAssurance=${LPpolicies}.2
LPpolicies_basicAssurance=${LPpolicies}.3
LPpolicies_mediumAssurance=${LPpolicies}.4
LPpolicies_highAssurance=${LPpolicies}.5
LPpolicies_testAssurance=${LPpolicies}.10
----------8<----------

The names given in the new_oids section can then be used anywhere
where I'd have a built-in OID.

If you're building an application of your own, you should probably
program the OIDs in whatever way you like to be used by it.  In all
cases, messing with objects.txt is something I do not recommend, if
for nothing else then because of all the magic in it.


And before someone asks: no, I haven't written any document about this
arc yet.  Actually, if someone knows the best way to publish something
like that, I'd like to know.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to