On Tue, Nov 09, 2004, ray v wrote:

> Thanks Dr. Henson
> 
> Ok this might be a sad indicator about my skill
> regarding this matter. Autoconfig is?
> 

It's a mechanism where compliant OpenSSL applications can load various
configuration-related options from a text file. Currently this includes new
OIDs.

This has only been documented fairly recently so not many applications
currently support it. The "openssl" utility does though.

> Basically all I want to do is use the OID assigned to
> my company to include extra data in the example below.
> Quite honestly if the VAL1 were seen by other
> applications as just the OID = value that's perfectly
> ok with me.
> 
> O=mycompany
> OU=mydepartment
> CN=myuser
> VAL1=something
> Val2=something else
> Val3=some number
> 
> Can I do this without patching the openssl code and
> compiling special versions for each platform I have?
> 

Ah now that's a different thing. That would be in the certificate subject name
as opposed to an extension.

Is there some specific reason you want your company's OIDs in there? There are
a lot of standard OIDs available which might suit your purposes.

> > Look in the config(5) manual page also at:
> > 
> > http://www.openssl.org/docs/apps/config.html
> > 
> > However you can't automatically add an extension
> > just because OpenSSL has a
> > name for an OID. The standard extensions have
> > support code which can be used
> > to translate parts of the configuration file into
> > the appropriate extension
> > syntax.
> 
> Can you translate this into something a lay person
> like myself can understand?
> 

Well what I mean is that when a configuration file contains something like:

basicConstraints=CA:TRUE, pathlen:7

it doesn't just put the string "CA:TRUE, pathlen:7" in the certificate; it
converts this human readable string into a specifically encoded structure.

In other words there's some code added to OpenSSL that translates that string
into the form in the certificate.

There's also some code that does the reverse operation: converts the form in
the certificate into a human readable version.

Other extensions have different translation code. As a result you can't just
add a random OID as the extension type because OpenSSL doesn't know how to
translate it.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
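
The translation described in the message above, as an added example that is not part of the original post and is not OpenSSL's code: a hand-written DER encoder and decoder for the basicConstraints value (RFC 5280: SEQUENCE of an optional BOOLEAN cA and an optional INTEGER pathLenConstraint), using `pathlen`, the keyword OpenSSL's configuration accepts for this field. The function names are hypothetical, and the extension's OID, critical flag and OCTET STRING wrapper are left out.

```python
# Added illustration: a minimal hand-rolled DER codec for the BasicConstraints
# value (RFC 5280). Not OpenSSL's code; lengths under 128 bytes only.

def _tlv(tag: int, body: bytes) -> bytes:
    if len(body) >= 128:
        raise ValueError("short-form DER lengths only")
    return bytes([tag, len(body)]) + body

def encode_basic_constraints(text: str) -> bytes:
    """'CA:TRUE, pathlen:7' -> DER SEQUENCE { BOOLEAN, INTEGER }."""
    ca, pathlen = False, None
    for item in text.split(","):
        key, _, value = item.strip().partition(":")
        if key == "CA":
            ca = value.upper() == "TRUE"
        elif key == "pathlen":
            pathlen = int(value)
            if pathlen < 0:
                raise ValueError("pathlen must be non-negative")
        else:
            raise ValueError(f"unknown field {key!r}")
    body = b""
    if ca:  # DER omits a field equal to its DEFAULT (cA DEFAULT FALSE)
        body += _tlv(0x01, b"\xff")
    if pathlen is not None:  # minimal big-endian INTEGER, leading 0x00 if needed
        n = pathlen.to_bytes(pathlen.bit_length() // 8 + 1, "big")
        body += _tlv(0x02, n)
    return _tlv(0x30, body)

def decode_basic_constraints(der: bytes) -> str:
    """Reverse operation: DER bytes -> human-readable form."""
    if len(der) < 2 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    body, ca, pathlen = der[2:], False, None
    while body:
        if len(body) < 2 or len(body) < 2 + body[1]:
            raise ValueError("truncated element")
        tag, value, body = body[0], body[2:2 + body[1]], body[2 + body[1]:]
        if tag == 0x01 and len(value) == 1:
            ca = value != b"\x00"
        elif tag == 0x02 and value:
            pathlen = int.from_bytes(value, "big", signed=True)
        else:
            raise ValueError(f"unexpected tag 0x{tag:02x}")
    out = "CA:TRUE" if ca else "CA:FALSE"
    return out if pathlen is None else f"{out}, pathlen:{pathlen}"

if __name__ == "__main__":
    der = encode_basic_constraints("CA:TRUE, pathlen:7")
    print(der.hex(), "->", decode_basic_constraints(der))
```

An OID with no such codec gives a parser nothing but opaque bytes, which is why a name-to-OID mapping alone is not enough to build an extension from a configuration string.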
