Re: Different values when parsing extensions

Mon, 13 Dec 2004 09:11:36 -0800 

On Mon, Dec 13, 2004, Zerg wrote:

> Hi all.
> I add the such extension to CSR with config file
>  authorityInfoAccess = CA Issuers;email:[EMAIL PROTECTED]
> parsing  my config  file and
> using X509V3_EXT_REQ_add_conf    call
> 
> but when  I have  manualy parsed the request with such code
> 
> ext - authorityInfoAccess  extension
> method = X509V3_EXT_get(ext);
> p = ext->value->data;
> if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length,
> ASN1_ITEM_ptr(method->it));
> else ext_str = method->d2i(NULL, &p, ext->value->length);
> if(method->i2v)
>         if(!(nval = method->i2v(method, ext_str, NULL)))
>     {
> for (j = 0; j < sk_CONF_VALUE_num(nval); j++)
> {
> valcnf = sk_CONF_VALUE_value(nval, j);
> printf("%s:%s\n",valcnf->name,valcnf->value);
> }
> }
> 
> and I've got the next value  of  this extension:
> "CA Issuers - email:[EMAIL PROTECTED]"
> 
> valcnf->name = CA Issuers - email
> valcnf->value = [EMAIL PROTECTED]
> 
> but I need that value  "CA Issuers;email:[EMAIL PROTECTED]"!The value that I
> have assumed in config file.
> By the way, when I copying  "CA Issuers - email:[EMAIL PROTECTED]"  to config
> file:
> authorityInfoAccess = CA Issuers - email:[EMAIL PROTECTED]
>  X509V3_EXT_REQ_add_conf  come into obscurity.
> The same situation with  keyUsage, I am writing   to config  -
> "keyCertSign", and I've got "Certificate Sign".How to get the same value
> with that I've pointed in the config file?
> Any suggestions?
> 

The textual representation is a human readable version of the encoded
extension: in general it isn't the same format as used in the config file
(which is less readable and restricted in various ways).

What are you trying to do?

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to