On 06/02/2015 00:21, Florence, Jacques wrote:
I created a client certificate with custom name attributes:
In the openssl.cnf file, I addedunder section [ new_oids ] the line:
myattribute=1.2.3.4
And under [ req_distinguished_name ] I added the line: myattribute = hello
If I use the openssl tool x509, I see that my new attribute appears in
the name, after the email address.
However, when the certificate is sent to the server, the server cannot
read this attribute.
I used wireshark and saw that my custome attribute is not sent with
the rest of the name.
Why is that ?
Are you sure this is what is really happening?
If any byte in the signed part of the certificate (and this
most certainly includes the name) is changed, the certificate
should completely fail to verify.
So are you sure the name isn't sent? Maybe it is just the
utility you use to display the sent certificate which fails
to display unknown name components.
P.S.
I presume that for any real use, you would use an officially
allocated OID to avoid clashing with what other people use.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
