Re: othername in subjectAltName

Wed, 12 Jun 2002 00:59:40 -0700 

On Wed, Jun 12, 2002 at 09:07:40AM +0200, Michael Bell wrote:
> Vadim Fedukovich schrieb:
> > 
> > On Tue, Jun 11, 2002 at 01:46:40PM +0200, Michael Bell wrote:
> > > Hi,
> > >
> > > I start a simple implementation of othername only for strings in the
> > > subject alternative name. Actually I have a problem with the resolving
> > > of the ASN1_TYPE.
> > >
> > > OTHERNAME is defined like this in crypto/x509v3/x509v3.h:
> > >
> > > typedef struct otherName_st {
> > > ASN1_OBJECT *type_id;
> > > ASN1_TYPE *value;
> > > } OTHERNAME;
> > >
> > > The problem is that I must do a typecast to store a special type in
> > > *value but I must know the type in crypto/asn1/tasn_enc.c where
> > > ASN1_item_ex_i2d must calculate the length of the sequence.
> > >
> > > The code crashs in the loop after /* First work out sequence content
> > > length */ at the second iteration in the line
> > >
> > > seqcontlen += ASN1_template_i2d(pseqval, NULL, seqtt);
> > >
> > > Is there a trick to get the type from the structure or must I change
> > > x509v3.h (ASN1_TYPE --> ASN1_CHOICE) and define the supported
> > > ASN1-types?
> > 
> > "Policy" certificate extension generator may be an example to do this.
> > Naina package: http://www.unity.net/~vf/naina_r1.tgz
> 
> Not really. The problem is that value can be every (!!!) ASN1_TYPE. So
> is there a difference in the resulting ASN1 if I use an ASN1_CHOICE to
> build the structure?

ASN1_TYPE could be handly for two-pass encoding while ASN1_CHOICE
will do it at once. Any type could be encoded at the 1st step.

> typedef struct otherName_st {
> ASN1_OBJECT *type_id;
> ASN1_CHOICE *value;
> }
> 
> ASN1_CHOICE(OTHERNAME) = {
>    ...
> } ASN1_CHOICE_END(OTHERNAME)
> 
> (including new unions etc.)
> 
> Is this compatible with ASN1_TYPE *value?

I dont know object-based choice technique and would also like to learn it.
It may be useful for parsing pkcs7 signed parts of SET messages.

Vadim
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to