Hi. Thanks for looking into this.
Would this say that the php_openssl is bugged, or can`t do the job ? -----Opprinnelig melding----- Fra: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] På vegne av Jeffrey Walton Sendt: 13. mai 2012 22:39 Til: openssl-users@openssl.org Emne: Re: PHP openssl_x509_parse extensions=>subjectAltName On Sun, May 13, 2012 at 4:31 PM, Thomas Anderson <zeln...@gmail.com> wrote: > On Sun, May 13, 2012 at 2:00 PM, Jeffrey Walton <noloa...@gmail.com> wrote: >> On Sun, May 13, 2012 at 1:55 PM, Thomas Anderson <zeln...@gmail.com> wrote: >>> openssl probably just doesn't recognize that OID. Here's what >>> phpseclib (the latest SVN) shows for that particular extension: >>> >>> [8] => Array >>> ( >>> [extnId] => id-ce-subjectAltName >>> [critical] => >>> [extnValue] => Array >>> ( >>> [0] => Array >>> ( >>> [otherName] => Array >>> ( >>> [type-id] => >>> 1.3.6.1.4.1.311.20.2.3 >>> [value] => t...@kontorlan.tag.no >>> ) >>> >>> ) >>> >>> ) >>> >>> ) >>> >>> Here's a link to phpsecllib: http://phpseclib.sourceforge.net/ >>> >> Its private (4) for an enterprise (1): >> http://www.oid-info.com/cgi-bin/display?oid=1.3.6.1.4.1.311.20.2.3&ac >> tion=display >> >> OpenSSL cannot possibly know how to interpret the (311) (20) (2) >> branch or the (3) leaf node. > > Hmmm. Weird. asn1parse doesn't seem to mind. Here's how that parses > the subjAltName extension: > > 0:d=0 hl=2 l= 39 cons: SEQUENCE > 2:d=1 hl=2 l= 37 cons: cont [ 0 ] > 4:d=2 hl=2 l= 10 prim: OBJECT :Microsoft Universal > Principal Name > 16:d=2 hl=2 l= 23 cons: cont [ 0 ] > 18:d=3 hl=2 l= 21 prim: UTF8STRING Yes, it can probably be parsed by any ASN.1 parser. But the OID is private - only the organization knows how to interpret it (or what to do with it). : I"Ϯ r m ( Z+ K + 1 x h [ z ( Z+ f y f h )z{,