On Wed, Jun 30, 2010, Mag wrote: > Thanks for the various replies. > > On Wed, Jun 30, 2010 at 4:26 AM, Dr. Stephen Henson <st...@openssl.org> wrote: > > If you want an extension then you need to make use of the mini-ASN1 compiler > > to add the appropriate fields. > > > > Note that if you add a new OID name in this way it only affects that > > instance > > of OpenSSL: other applications and other instances of OpenSSL will still > > display the numeric version of the OID and they wont display the fields of > > an extension as they don't know how to parse and display it. > > Yes, I should've clarified this originally, I want to add extensions a > la the "Extensions" type. I did try out the form of adding new OIDs to > the distinguished name(s) and that seems to work ok, but can you > elaborate on what you mean by using the mini-ASN.1 compiler to support > new OIDs? > > As far as I can tell this refers to either generating an ASN.1 > encoding via the "asn1parse -genstr ..." or the ASN1_gen_nconf() > function. How are those intended to be integrated in creation of a > certificate? Does this require programmatically constructing the > certificates?
See: http://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY_EXTENSIONS Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
