I am not using the openssl commandline, I have to use the API's (the openssl.cng is not used/parsed when using API's, right?)
Regarding "the value in an extension is an OCTET STRING containing the DER of the value, not the value itself", so basicly do I need to convert the string to DER encoded? I tried : ASN1_OCTET_STRING *os = ASN1_OCTET_STRING_new(); unsigned char *d = "5"; int dlen = i2d_ASN1_OCTET_STRING( os, &d ); ASN1_OCTET_STRING_set( os, d, dlen ); extension = X509_EXTENSION_create_by_NID( NULL, nid, 0, os ); but I get rubbish (space between the OID and the value): 1.3.6.1.4.1.19718.1000.1.2.2: . 5 Am I using the correct API (i2d_ASN1_OCTET_STRING/ i2d_ASN1_INTEGER)? What am i missing? -- View this message in context: http://openssl.6102.n7.nabble.com/Adding-a-custom-extension-to-a-CSR-tp47446p47466.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org