On Thu, Oct 25, 2012, Ken Goldman wrote: > I've managed to parse the odd X509 certificate I received. Now I > have to create one. > > It should look like the below. > > X509v3 extensions: > X509v3 Subject Alternative Name: critical > > DirName:/2.23.133.2.1=id:57454300/2.23.133.2.2=NPCT42x/NPCT50x/2.23.133.2.3=id:0391 > > X509v3 Basic Constraints: critical > CA:FALSE > X509v3 Extended Key Usage: critical > 2.23.133.8.1 > > I'm almost there with this code, but I don't know how to code the > NID_subject_alt_name DirName extension. > > add_ext(x, NID_basic_constraints, "critical,CA:FALSE"); > add_ext(x, NID_ext_key_usage, "critical, 2.23.133.8.1"); >
You first need to create an X509_NAME structure with the relevant field values in it. The function X509_NAME_add_entry_by_txt() is probably the easiest way to do that: you can then use that numerical OID form for the fields. Once you have that X509_NAME structure you need to add it to a GENERAL_NAMES_structure which is associated with Subject Alt Name. Finally you add that structure to the certificate using X509_add1_ext_i2d(). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org