From: Svenning Sorensen <[EMAIL PROTECTED]> sss> I was in for a surprise when I added some custom objects into objects.txt. sss> sss> Since I wanted to use our private enterprises OIDs, I used the form: sss> sss> enterprises 1527 1 : myobj : My Object sss> sss> (same form as the dcObject already in there) sss> However, "enterprises" is undefined, so my object ended up at the root sss> (i.e. 1527.1 instead of 1.3.6.1.4.1.1527.1) without a warning.
To be perfectly honest, I think you're dong this the wrong way. I assume you're using the openssl command to do stuff, and in the case, the right thing is to have the desired extra OIDs in openssl.cnf. Here's an example from my toy CA (this chunk is placed at the beginning of the file): ----------8<---------- oid_section = new_oids #... [ new_oids ] LP=1.3.6.1.4.1.5168 LPpolicies=${LP}.1 LPpolicies_noAssurance=${LPpolicies}.1 LPpolicies_rudimentaryAssurance=${LPpolicies}.2 LPpolicies_basicAssurance=${LPpolicies}.3 LPpolicies_mediumAssurance=${LPpolicies}.4 LPpolicies_highAssurance=${LPpolicies}.5 LPpolicies_testAssurance=${LPpolicies}.10 ----------8<---------- The names given in the new_oids section can then be used anywhere where I'd have a built-in OID. If you're building an application of your own, you should probably program the OIDs in whatever way you like to be used by it. In all cases, messing with objects.txt is something I do not recommend, if for nothing else then because of all the magic in it. And before someone asks: no, I haven't written any document about this arc yet. Actually, if someone knows the best way to publish something like that, I'd like to know. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]