On Thu, Mar 03, 2005, Zerg wrote: > Hi,all. > Sorry for my english. > Please help me to clarify the using of the such ASN1 structure in > RDNSequence and in SubjectDirectoryAttributes. > Why do they have different ASN1 structure, if they play the same role but in > different contexts. > > For what reason there is "SET OF"? OpenSSL always used only one SEQ in > every SET.
OpenSSL does that because that's what the standards require. If it did anything else certificates wouldn't be compatible with other implementations. OpenSSL doesn't *always* use only one SET OF member it just usually does. There are ways of using more than one its just that in practice this is very rarely used. > > SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF > Attribute > Attribute ::= SEQUENCE { > type Attributetype, > values SET OF AttributeValue } Why "SET OF" is used exactly in this > place instead of place of previous ASN1 Structure. > By the way, does OpenSSL support of "SubjectDirectoryAttributes" > extension?If not,In what the most painless way this can be done? > You'd have to ask the standards groups why they chose to do things that way. OpenSSL doesn't directly support that extension but you can add it using the mini-ASN1 compiler in 0.9.8. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]