Angus Robertson - Magenta Systems Ltd wrote:
> I'm creating X509 certificate requests and certificates in code,
> trying to add X509v3 Subject Alternative Name, with 1.1.0f.
>
> But if I add a list of four domains, ie:
> The certificate seems to ignore some and repeat others:
>
> To answer my own question, I was using ASN1_STRING_set0 instead of
> ASN1_STRING_set and the original ANSI string was a temporary variable,
> so got lost as a new string was added since it was not copied.
>
> But there must be an easier way of adding SANs to certificates than
> using undocumented GENERAL_NAME APIs.

Fyi, here's how we autogenerate certificates in OpenLDAP, with subjectAltNames populated.

http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=servers/slapd/overlays/autoca.c;h=5a8ec1b481376df08d4ca7d60bc8fe6d5ad56864;hb=HEAD

The corresponding manpage is here

http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=doc/man/man5/slapo-autoca.5;h=920c1fe189fc6767b3b8425a985488910b83fadb;hb=HEAD

and our test suite script to put it thru its paces is here

http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=tests/scripts/test066-autoca;h=05e221b313225f23fe9986003eebcd3ba2be5ce8;hb=HEAD

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/