chandu wrote:
> 
> Hi all,
> 
> I have a question regarding the adding of the Key usage attribute to the
> PKCS10 certificate request.  I tried using the following code..
> 
> ikeyUsageAttr  =  X509v3_KU_DIGITAL_SIGNATURE;
> 
>   iRetVal = X509_REQ_add1_attr_by_NID(preq, NID_key_usage,V_ASN1_INTEGER,
> &(ikeyUsageAttr), 4);
> 
> When I try to print the request using X509_REQ_print, it is not printing the
> key usage attribute.  It is giving
> "Unable to print the value of the attribute"
> 
> In the X509_REQ_print() function, there is no option to print the value of
> an attribute of either type V_ASN1_INTEGER or V_ASN1_BIT_STRING....
> 
> My question is whether I am following the correct way to add the Key usage
> attribute. If not, what is the correct way to add it? If yes, what is the
> way to check and print the value of the key usage attribute?
> 

No, that isn't the way to add extensions to a certificate request.
Currently this is a bit awkward. There are several ways to do this, for
example:

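#include <openssl/x509.h>
#include <openssl/x509v3.h>

STACK_OF(X509_EXTENSION) *extensions;
X509_EXTENSION *ku_ext;

extensions = sk_X509_EXTENSION_new_null();

/* Build the keyUsage extension from its config-file style value */
ku_ext = X509V3_EXT_conf_nid(NULL, NULL, NID_key_usage, "digitalSignature");

sk_X509_EXTENSION_push(extensions, ku_ext);

/* Maybe add other extensions here ...*/

/* Adds the whole stack to the request as one extension request attribute */
X509_REQ_add_extensions(preq, extensions);

/* The request keeps its own copy, so free the stack and its extensions */
sk_X509_EXTENSION_pop_free(extensions, X509_EXTENSION_free);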

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
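
Added example, not part of the original thread and not OpenSSL code: a stand-alone C sketch of the DER value a keyUsage extension carries (RFC 5280 defines it as a BIT STRING with digitalSignature as bit 0), which is what the reply's extension code produces and a raw 4-byte integer attribute does not. The names ku_encode and ku_decode are hypothetical, and the masks use the RFC 5280 bit numbers, not OpenSSL's KU_* constants.

```c
#include <stdio.h>
#include <stddef.h>

/* RFC 5280 KeyUsage named bits; bit n is held as (1u << n) in our mask. */
static const char *const KU_NAMES[9] = {
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly"
};

/* DER-encode the named bits as a BIT STRING; returns bytes written (max 5). */
size_t ku_encode(unsigned mask, unsigned char out[5])
{
    unsigned char body[2] = {0, 0};
    int last = -1;
    for (int n = 0; n < 9; n++)
        if (mask & (1u << n)) {
            body[n / 8] |= (unsigned char)(0x80 >> (n % 8)); /* bit 0 is the MSB */
            last = n;
        }
    size_t nbytes = (last < 0) ? 0 : (size_t)(last / 8 + 1);
    out[0] = 0x03;                                  /* tag: BIT STRING */
    out[1] = (unsigned char)(nbytes + 1);           /* length incl. pad-count octet */
    out[2] = (last < 0) ? 0 : (unsigned char)(7 - last % 8); /* unused trailing bits */
    for (size_t i = 0; i < nbytes; i++) out[3 + i] = body[i];
    return 3 + nbytes;
}

/* Parse a DER KeyUsage BIT STRING; returns 0 and fills *mask, or -1 if malformed. */
int ku_decode(const unsigned char *der, size_t len, unsigned *mask)
{
    if (len < 3 || len > 5 || der[0] != 0x03 || (size_t)der[1] != len - 2 || der[2] > 7)
        return -1;                                  /* wrong tag, length or pad count */
    size_t nbytes = len - 3;
    if (nbytes == 0 ? der[2] != 0 : (der[len - 1] & ((1u << der[2]) - 1)) != 0)
        return -1;                                  /* padding bits must be zero */
    *mask = 0;
    for (size_t n = 0; n < nbytes * 8; n++)
        if (der[3 + n / 8] & (0x80 >> (n % 8))) {
            if (n > 8) return -1;                   /* not a KeyUsage bit */
            *mask |= 1u << n;
        }
    return 0;
}

int main(void)
{
    unsigned char der[5];
    unsigned mask = 0;
    size_t len = ku_encode(1u << 0, der);           /* digitalSignature only */
    for (size_t i = 0; i < len; i++) printf("%02x ", der[i]);
    if (ku_decode(der, len, &mask) == 0)
        for (int n = 0; n < 9; n++)
            if (mask & (1u << n)) printf("%s ", KU_NAMES[n]);
    printf("\n");
    return 0;
}
```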
