On Wed, Aug 04, 2010, Bram Cymet wrote:

> Hi,
> 
> Given a configuration like the following:
> 
> subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:princ_name
> 
> 
> # Copy subject details
> 
> issuerAltName=issuer:copy
> 
> [princ_name]
> realm = EXP:0, GeneralString:${ENV::REALM}
> principal_name = EXP:1, SEQUENCE:principal_seq
> 
> [principal_seq]
> name_type = EXP:0, INTEGER:1
> name_string = EXP:1, SEQUENCE:principals
> 
> [principals]
> princ1 = GeneralString:${ENV::CLIENT}
> 
> 
> Can someone give me an idea of how openssl would encode this, or at
> least point me at the code that would encode this so I can figure it out.
> 
> I am trying to figure out the asn1 structures that would be created.
> 

Well the ${ENV::xxx} stuff is environment variable expansion.

If you want to see what structure is created your easiest option is to create
a test certificate using that configuration and check the subjectAltName
extension using asn1parse. There is also an option to asn1parse that uses the
mini-ASN1 compiler with similar syntax.

It's not too hard to figure out from the docs, for example:

subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:princ_name

Is subjectAltName extension, using otherName option and that OID, the value is
a SEQUENCE defined by the section "princ_name":

[princ_name]
realm = EXP:0, GeneralString:${ENV::REALM}
principal_name = EXP:1, SEQUENCE:principal_seq

From above that SEQUENCE consists of an explicit tag 0 GeneralString with
REALM environment variable value and another explicit tag 1 SEQUENCE
described by the section principal_seq, etc etc.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
