Hi, everyone,
Please excuse me if my question is silly; I am new to ASN1.
I am trying to read the "UPN" of a certificate issued by a Microsoft CA, that is, otherName in subjectAltName.
From the following post by Steve, I thought OpenSSL-0.9.8's parser can now read otherName. So I downloaded openssl-SNAP-20030322 and tested it. However, it prints out the hex dump of subjectAltName. I assume the parser did not understand GeneralString or something. Is that right?
naomaru% openssl asn1parse -in ~/openssl/naomaru_pmlab-fixed.pem
...
1361:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
1366:d=5 hl=2 l= 47 prim: OCTET STRING [HEX DUMP]:302DA02B060A2B060104018237140203A01D0C1B6E616F6D6172754070736C61622E6163746976636172642E636F6D
1415:d=1 hl=2 l= 13 cons: SEQUENCE
Am I doing something wrong, or does OpenSSL 0.9.8 not support reading otherName yet?
If the latter, what can I do to make it possible?
Thank you.
List: openssl-users
Subject: Re: Kerberos/PKINIT compliant subjectAltName?
From: "Dr. Stephen Henson" <steve () openssl ! org>
Date: 2003-02-11 18:42:17
On Tue, Feb 11, 2003, Dr. Stephen Henson wrote:
>
> When this is patched (probably the next snapshot) then this might work
> (I'm just writing this on the fly from the draft so no guarantees!):
>
>
> subjectAltName=otherName:1.3.6.1.5.2.2;ASN1:SEQUENCE:principal_seq
>
Made a typo above, it shouldn't have the "ASN1" bit and should instead say:
subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:principal_seq
also I've now added GeneralString to the mini ASN1 compiler.
Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: <http://www.openssl.org/>
Freelance consultant see: <http://www.drh-consultancy.demon.co.uk/>
Email: [EMAIL PROTECTED], PGP key: via homepage.
