Gentle people,
I am encoding some extra fields in the request (and the signed cert). And have
two related puzzels:
1) I had naively expected below construct to create a single sequence of
two object/integers under a single object:
# openssl.cnf snippet.
[v3_screen]
basicConstraints=CA:FALSE
...
1.3.6.1.4.1.2692.99.31=ASN1:SEQUENCE:seq_geo
…
[seq_geo]
1.3.6.1.4.1.2692.99.31.1=INTEGER: 1234
1.3.6.1.4.1.2692.99.31.2=INTEGER: 1234
but instead am seeing a construct which is just a sequence of two bare
INTs under a object:
ASN1_SEQUENCE(GeoLoc) = {
ASN1_SIMPLE(GeoLoc, lat, ASN1_INTEGER),
ASN1_SIMPLE(GeoLoc, lon, ASN1_INTEGER),
}
ASN1_SEQUENCE_END(GeoLoc)
i.e. prefix.1->[int,int]. While I had hoped for prefix.1->[
prefix.1.1:int, prefix.1.2:int ]. Which is not ideal - as occasionally the Geo
sequence needs to include the hight and the map projection as additonal
optional extra's.
How does one properly define such a sequence within the constraints of
the openssl.cnf file (I am currently doing it through the API - and that is
fine) ?
2) When one has fields like the above in a REQ - you need to copy them
into the signed cert. How is this done in a controlled way through the
openssl.cnf/extension file mechanism ?
Is there the equivalent of the 'copy' as available for the
email/subject ?
Thanks,
Dw.______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
