Re: PHP openssl_x509_parse extensions=>subjectAltName

[Jeffrey Walton]

On Sun, May 13, 2012 at 4:31 PM, Thomas Anderson <zeln...@gmail.com> wrote:
> On Sun, May 13, 2012 at 2:00 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
>> On Sun, May 13, 2012 at 1:55 PM, Thomas Anderson <zeln...@gmail.com> wrote:
>>> openssl probably just doesn't recognize that OID.  Here's what
>>> phpseclib (the latest SVN) shows for that particular extension:
>>>
>>>    [8] => Array
>>>        (
>>>            [extnId] => id-ce-subjectAltName
>>>            [critical] =>
>>>            [extnValue] => Array
>>>                (
>>>                    [0] => Array
>>>                        (
>>>                            [otherName] => Array
>>>                                (
>>>                                    [type-id] => 1.3.6.1.4.1.311.20.2.3
>>>                                    [value] => t...@kontorlan.tag.no
>>>                                )
>>>
>>>                        )
>>>
>>>                )
>>>
>>>        )
>>>
>>> Here's a link to phpsecllib: http://phpseclib.sourceforge.net/
>>>
>> Its private (4) for an enterprise (1):
>> http://www.oid-info.com/cgi-bin/display?oid=1.3.6.1.4.1.311.20.2.3&action=display
>>
>> OpenSSL cannot possibly know how to interpret the (311) (20) (2)
>> branch or the (3) leaf node.
>
> Hmmm.  Weird.  asn1parse doesn't seem to mind.  Here's how that parses
> the subjAltName extension:
>
>    0:d=0  hl=2 l=  39 cons: SEQUENCE
>    2:d=1  hl=2 l=  37 cons:  cont [ 0 ]
>    4:d=2  hl=2 l=  10 prim:   OBJECT            :Microsoft Universal
> Principal Name
>   16:d=2  hl=2 l=  23 cons:   cont [ 0 ]
>   18:d=3  hl=2 l=  21 prim:    UTF8STRING
Yes, it can probably be parsed by any ASN.1 parser. But the OID is
private - only the organization knows how to interpret it (or what to
do with it).
:��I"Ϯ��r�m����
(����Z+�K�+����1���x��h����[�z�(����Z+���f�y�������f���h��)z{,���