> The problem is if I give the name of the extension given as in the
> certificate,

What is the "name of the extension given as in the certificate"?
Certificates don't contain extension names.

> the OBJ_sn2nid function is throwing NULL value that
> means it is
> unable to find the extension.

Probably because it is unable to map the extension name to an extension
object identifier.

> If I write the same extension name which is given in the
> obj_mac.h then the
> function is returning the value.

Because that's the table that OBJ_sn2nid uses to map extension names to
extension identifier.

> For example if I am trying to retrieve the value of the
> subjectalternativename from the certificate. In the certificate this
> extension name is written as "SubjectAlternativeName"

How did you determine that? Certificates don't contain extension names. Most
likely the program you used to view the certificate mapped the OID
2.5.29.17 to the string "SubjectAlternativeName", but it just did this for
your convenience in viewing the extension.

> whereas in the
> obj_mac.h it is there as "subjectAltName". If I pass this value then I am
> getting the correct result.

Because that is the name this tool uses for OID 2.5.29.17.

> At the same time all the extensions in the certificate are not
> present in the
> obj_mac.h.

The certificate is meant to be machine-readable, not human-readable. It will
contain whatever certificates the issuer wants to put in it, whether or not
OpenSSL knows what they are or how to best display them.

> What is the link between this function and obj_mac.h?

The obj_mac.h file contains #define's for the internal names that OpenSSL
uses to refer to those extensions it knows about.

> Can I add any extensions to this file obj_mac.h?

Yes, but that won't do anything. That won't make them map to the OID.

> If yes How to give the number of the NID?

OBJ_txt2nid can take the numerical representation of an extension. In fact,
OBJ_txt2nid can take the long name, short name, or the numerical
representation.

I would suggest not trying to teach OpenSSL to understand new extensions
unless you need those extensions supported by OpenSSL tools. For example, if
you want 'openssl x509 -text ...' to output the extension nicely, you have
no choice. Otherwise, just create a header file that #define's a tag for
your extension and replaces to its numeric identifier. Pass that to
OBJ_txt2nid.

DS
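
An added example, not part of the original message and not OpenSSL code: it decodes the OID bytes an extension actually carries and resolves names through a local table, which is why a viewer's label such as "SubjectAlternativeName" finds nothing while "subjectAltName" or "2.5.29.17" does. The names `der_oid_to_text`, `lookup` and `TABLE` are hypothetical, and the table and sample bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed name table (short name, long name, OID). It models what a tool
   keeps locally; it is not OpenSSL's own table and none of it is in a cert. */
struct oid_name { const char *sn, *ln, *oid; };
static const struct oid_name TABLE[] = {
    { "subjectAltName",   "X509v3 Subject Alternative Name", "2.5.29.17" },
    { "basicConstraints", "X509v3 Basic Constraints",        "2.5.29.19" },
};

/* Decode the content bytes of a DER OBJECT IDENTIFIER into dotted text.
   Returns 0, or -1 on truncated/overflowing input or a too-small buffer. */
int der_oid_to_text(const unsigned char *p, size_t len, char *out, size_t outlen) {
    size_t i, used = 0;
    unsigned long v = 0, a = 0;
    int first = 1, n;
    if (len == 0 || (p[len - 1] & 0x80)) return -1;  /* last arc unterminated */
    for (i = 0; i < len; i++) {
        if (v >> (sizeof v * 8 - 7)) return -1;      /* arc would overflow */
        v = (v << 7) | (p[i] & 0x7f);
        if (p[i] & 0x80) continue;                   /* more base-128 digits */
        if (first) { a = v < 80 ? v / 40 : 2; v -= a * 40; }  /* arc1*40+arc2 */
        n = first ? snprintf(out, outlen, "%lu.%lu", a, v)
                  : snprintf(out + used, outlen - used, ".%lu", v);
        if (n < 0 || (size_t)n >= outlen - used) return -1;
        used += (size_t)n;
        first = 0; v = 0;
    }
    return 0;
}

/* Resolve a short name, long name or dotted OID; NULL means "not in my table". */
const struct oid_name *lookup(const char *txt) {
    size_t i;
    for (i = 0; i < sizeof TABLE / sizeof TABLE[0]; i++)
        if (!strcmp(txt, TABLE[i].sn) || !strcmp(txt, TABLE[i].ln) ||
            !strcmp(txt, TABLE[i].oid))
            return &TABLE[i];
    return NULL;
}

int main(void) {
    static const unsigned char san[] = { 0x55, 0x1d, 0x11 };  /* constructed */
    char txt[64];
    if (der_oid_to_text(san, sizeof san, txt, sizeof txt)) return 1;
    printf("%s -> %s\n", txt, lookup(txt) ? lookup(txt)->sn : "(unknown)");
    return 0;
}
```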

