Dear Steve, 

Thank you for your comment. I understand the usage of this
extension and fully agree with you. 

Best Regards,

-Kiyoshi
Kiyoshi Watanabe


> On Thu, Oct 03, 2002, Kiyoshi WATANABE wrote:
> 
> > 
> > Dear all, I want to know how to set the CRLNumber extension
> > in a CRL using openssl-0.9.7 beta 3.
> > 
> 
> The extension is already supported, but not in the 'ca' application which
> generates CRLs.
> 
> > In the crypto/x509v3 directory, there is a file v3_ini.c. In this
> > source code, the X509V3_EXT_METHOD is already defined. First I think
> > that I should add the (X509V3_EXT_S2I)s2i_ASN1_INTEGER in the structure,
> > since the s2i_ASN1_INTEGER code is also defined in v3_util.c.
> > 
> >   59 #include <stdio.h>
> >   60 #include "cryptlib.h"
> >   61 #include <openssl/x509v3.h>
> >   62
> >   63 X509V3_EXT_METHOD v3_crl_num = {
> >   64 NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
> >   65 0,0,0,0,
> >   66 (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
> >   67 0,
> >   68 0,0,0,0, NULL};
> >   69
> > 
> > In line 67, I will add the (X509V3_EXT_S2I)s2i_ASN1_INTEGER
> > 
> > In the CRLNumber extension, the ASN.1 in RFC 3280 says: 
> > 
> >    CRLNumber ::= INTEGER (0..MAX)
> > 
> > Then I should define the ASN1 macro, but now I do not know how to
> > define the ASN1 macro to define the ASN.1.
> > 
> > Looking at some other examples, if you have a sequence tag, the macro
> > will start like:
> > 
> > ASN1_SEQUENCE(....)
> >  ...
> > ASN1_SEQUENCE_END(....)
> > 
> > However, the CRLNumber is just an INTEGER. I simply want to know the
> > macro to use, or any pointer to take a look at.
> > 
> > I would very much appreciate it if you could give me some suggestions.
> > 
> 
> It's already in there: ASN1_ITEM_ref(ASN1_INTEGER).
> 
> What you cannot currently do, as I mentioned, is to add this extension using
> the 'ca' application. There isn't an s2i_ASN1_INTEGER in the structure for a
> reason: this is to stop the extension being used in config files.
> 
> Config files are fine for the static extensions whose value will be the same,
> however CRLNumber has to increase with each new CRL issued. If you could add
> CRLNumber from a config file this may well result in distinct CRLs having the
> same number which is a bad thing(tm).
> 
> What is really needed is to handle CRLNumber as a special case, for example
> via a file which is treated in a similar way to the serial number and updated
> with each CRL issued.
> 
> Steve.
> --
> Dr. Stephen Henson      [EMAIL PROTECTED]            
> OpenSSL Project         http://www.openssl.org/~steve/
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
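
An added example, not OpenSSL code and not written by either poster, of the counter file described in the quoted reply: a CRL number is read from a file, its successor is persisted, and only then is the number handed to the CRL issuer. The function name `crlnumber_take`, the default file name `crlnumber`, and the one-hex-value-per-file format are assumptions, and values are limited to what fits in a `long`.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: returns the number to place in the next CRL and
 * persists number+1 first, so a failed signing run leaves a gap, never a
 * reuse. Returns -1 on any error; restarting at 0 would reissue numbers. */
long crlnumber_take(const char *path)
{
    char buf[64], tmp[4096], *end;
    FILE *f = fopen(path, "r");
    long n;

    if (f == NULL)
        return -1;                        /* missing file: fail closed */
    if (fgets(buf, sizeof buf, f) == NULL) { fclose(f); return -1; }
    fclose(f);

    errno = 0;
    n = strtol(buf, &end, 16);            /* hex text, like a serial file */
    if (end == buf || (*end != '\n' && *end != '\0') || errno == ERANGE
        || n < 0 || n == LONG_MAX)
        return -1;                        /* garbage, negative or overflow */

    /* Write the successor to a temporary file, then rename it over the
     * original so a crash never leaves a half-written counter. */
    if (snprintf(tmp, sizeof tmp, "%s.new", path) >= (int)sizeof tmp)
        return -1;
    f = fopen(tmp, "w");
    if (f == NULL)
        return -1;
    if (fprintf(f, "%02lX\n", (unsigned long)(n + 1)) < 0) {
        fclose(f); remove(tmp); return -1;
    }
    if (fclose(f) != 0) { remove(tmp); return -1; }
    if (rename(tmp, path) != 0) { remove(tmp); return -1; }
    return n;
}

int main(int argc, char **argv)
{
    long n = crlnumber_take(argc > 1 ? argv[1] : "crlnumber");
    if (n < 0) { fprintf(stderr, "no usable CRL number; not issuing\n"); return 1; }
    printf("issue CRL with CRLNumber %ld\n", n);
    return 0;
}
```

Two issuers running at once would still race on the file; serialising CRL generation (for example with a lock held around the call) is left outside this example.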