On Thu, Mar 03, 2005, Zerg wrote:
> Hi, all.
> Sorry for my English.
> Please help me to clarify the use of such an ASN1 structure in
> RDNSequence and in SubjectDirectoryAttributes.
> Why do they have different ASN1 structures, if they play the same role but in
> different contexts?
>
> For what reason is there "SET OF"? OpenSSL always used only one SEQ in
> every SET.
OpenSSL does that because that's what the standards require. If it did
anything else certificates wouldn't be compatible with other implementations.
OpenSSL doesn't *always* use only one SET OF member, it just usually does.
There are ways of using more than one; it's just that in practice this is very
rarely used.
>
> SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
>
> Attribute ::= SEQUENCE {
>     type    AttributeType,
>     values  SET OF AttributeValue }
>
> Why is "SET OF" used exactly in this place instead of the place of the
> previous ASN1 structure?
> By the way, does OpenSSL support the "SubjectDirectoryAttributes"
> extension? If not, what is the most painless way this can be done?
>
You'd have to ask the standards groups why they chose to do things that way.
OpenSSL doesn't directly support that extension but you can add it using the
mini-ASN1 compiler in 0.9.8.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
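The approach mentioned in the reply (building the extension with OpenSSL's ASN.1 generator) can look like the following openssl.cnf fragment. This is an added example, not configuration from the original message or from the OpenSSL project. The section names and sample values are constructed; the attribute OIDs are dateOfBirth and countryOfCitizenship from RFC 3739, and 2.5.29.9 is the subjectDirectoryAttributes extension OID.

```ini
# Added example. Reference this section with "-extensions sda_ext"
# (for example from "openssl req -x509" or "openssl x509 -extfile").
# All section names are hypothetical; field names inside the
# SEQUENCE/SET sections are ignored by the generator.
[ sda_ext ]
# The ASN1: prefix passes the value to the ASN.1 generator, so no
# built-in handler for the extension is needed.
2.5.29.9 = ASN1:SEQUENCE:sda_attrs

# SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
[ sda_attrs ]
attr1 = SEQUENCE:attr_dob
attr2 = SEQUENCE:attr_citizenship

# Attribute ::= SEQUENCE { type AttributeType, values SET OF AttributeValue }
[ attr_dob ]
type   = OID:1.3.6.1.5.5.7.9.1
values = SET:dob_values

[ dob_values ]
# Constructed sample value
v1 = GENERALIZEDTIME:19700101120000Z

[ attr_citizenship ]
type   = OID:1.3.6.1.5.5.7.9.4
values = SET:citizenship_values

# Two members in one SET OF: several values for a single attribute type.
# Constructed sample values.
[ citizenship_values ]
v1 = PRINTABLESTRING:DE
v2 = PRINTABLESTRING:FR
```

Running `openssl asn1parse` on the resulting certificate shows the nesting: one outer SEQUENCE, one inner SEQUENCE per attribute, and a SET holding that attribute's values.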
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List