Hi.

Thanks for looking into this.

Would this say that the php_openssl is bugged, or can't do the job?


-----Original message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On behalf of Jeffrey Walton
Sent: 13 May 2012 22:39
To: openssl-users@openssl.org
Subject: Re: PHP openssl_x509_parse extensions=>subjectAltName

On Sun, May 13, 2012 at 4:31 PM, Thomas Anderson <zeln...@gmail.com> wrote:
> On Sun, May 13, 2012 at 2:00 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
>> On Sun, May 13, 2012 at 1:55 PM, Thomas Anderson <zeln...@gmail.com> wrote:
>>> openssl probably just doesn't recognize that OID.  Here's what 
>>> phpseclib (the latest SVN) shows for that particular extension:
>>>
>>>    [8] => Array
>>>        (
>>>            [extnId] => id-ce-subjectAltName
>>>            [critical] =>
>>>            [extnValue] => Array
>>>                (
>>>                    [0] => Array
>>>                        (
>>>                            [otherName] => Array
>>>                                (
>>>                                    [type-id] => 1.3.6.1.4.1.311.20.2.3
>>>                                    [value] => t...@kontorlan.tag.no
>>>                                )
>>>
>>>                        )
>>>
>>>                )
>>>
>>>        )
>>>
>>> Here's a link to phpseclib: http://phpseclib.sourceforge.net/
>>>
>> It's private (4) for an enterprise (1):
>> http://www.oid-info.com/cgi-bin/display?oid=1.3.6.1.4.1.311.20.2.3&action=display
>>
>> OpenSSL cannot possibly know how to interpret the (311) (20) (2) 
>> branch or the (3) leaf node.
>
> Hmmm.  Weird.  asn1parse doesn't seem to mind.  Here's how that parses 
> the subjAltName extension:
>
>    0:d=0  hl=2 l=  39 cons: SEQUENCE
>    2:d=1  hl=2 l=  37 cons:  cont [ 0 ]
>    4:d=2  hl=2 l=  10 prim:   OBJECT            :Microsoft Universal Principal Name
>   16:d=2  hl=2 l=  23 cons:   cont [ 0 ]
>   18:d=3  hl=2 l=  21 prim:    UTF8STRING
Yes, it can probably be parsed by any ASN.1 parser. But the OID is private - 
only the organization knows how to interpret it (or what to do with it).
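
Added example, not part of the thread and not code from OpenSSL, PHP or phpseclib: a small Python DER walker that extracts otherName entries carrying the OID 1.3.6.1.4.1.311.20.2.3 from a subjectAltName extension value, assuming the layout shown in the asn1parse dump above (OID followed by an explicitly tagged UTF8String). The function names and the sample UPN are hypothetical; the sample bytes are constructed to match the offsets and lengths in that dump.

```python
# Added example (not from the thread): extract UPN otherName entries from a DER SAN value.
UPN_OID = "1.3.6.1.4.1.311.20.2.3"  # OID quoted in the thread
def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported length form")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OID content bytes (base-128 sub-identifiers) -> dotted string
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    subids, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(val)
            val = 0
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def upns_from_san(ext_value):
    """Return the UPN strings found in a DER-encoded GeneralNames SEQUENCE."""
    tag, names, _ = read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("GeneralNames must be a SEQUENCE")
    found, pos = [], 0
    while pos < len(names):
        tag, body, pos = read_tlv(names, pos)
        if tag != 0xA0:                     # only [0] otherName; skip dNSName, IP, ...
            continue
        t_oid, oid, nxt = read_tlv(body, 0)
        t_val, wrapped, _ = read_tlv(body, nxt)   # [0] EXPLICIT wrapper around the value
        if t_oid != 0x06 or t_val != 0xA0 or decode_oid(oid) != UPN_OID:
            continue                        # some other private otherName type
        t_str, text, _ = read_tlv(wrapped, 0)
        if t_str == 0x0C:                   # accept only the UTF8String form seen in the dump
            found.append(text.decode("utf-8"))
    return found

# Constructed sample with the layout of the asn1parse dump; the UPN is a placeholder.
SAMPLE = bytes.fromhex("3027a025060a2b060104018237140203a0170c15") + b"alice@example.invalid"
```

Calling `upns_from_san(SAMPLE)` returns the placeholder UPN; entries of other GeneralName types or other otherName OIDs are skipped, and truncated input raises `ValueError`.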