new oid in subject alt name

2002-04-17 Thread CAMUS Sylvie FTRD/DTL/ISS

Hi
I want to add a new OID in the subject altName and I can't do it.
I have looked at the sources (v3.alt.c) and I have seen the function which returns an error:
--
/* v2i_GENERAL_NAME() as found in OpenSSL's crypto/x509v3/v3_alt.c.
 * The headers it depends on are listed so the excerpt is self-describing;
 * name_cmp() is OpenSSL's case-insensitive compare for option names. */
#include <stdio.h>          /* sscanf  */
#include <string.h>         /* strlen  */
#include <openssl/conf.h>   /* CONF_VALUE */
#include <openssl/err.h>
#include <openssl/x509v3.h>

/* Turn one "name=value" config entry into a GeneralName. Only five of the
 * nine GeneralName CHOICE alternatives are handled; any other name falls
 * through to the X509V3_R_UNSUPPORTED_OPTION error at the end. */
GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                               CONF_VALUE *cnf)
{
    char is_string = 0;
    int type;
    GENERAL_NAME *gen = NULL;
    char *name, *value;

    name = cnf->name;
    value = cnf->value;
    if (!value) {
        X509V3err(X509V3_F_V2I_GENERAL_NAME, X509V3_R_MISSING_VALUE);
        return NULL;
    }
    if (!(gen = GENERAL_NAME_new())) {
        X509V3err(X509V3_F_V2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    if (!name_cmp(name, "email")) {
        is_string = 1;
        type = GEN_EMAIL;
    } else if (!name_cmp(name, "URI")) {
        is_string = 1;
        type = GEN_URI;
    } else if (!name_cmp(name, "DNS")) {
        is_string = 1;
        type = GEN_DNS;
    } else if (!name_cmp(name, "RID")) {
        /* registeredID: the value is an OID in dotted or named form */
        ASN1_OBJECT *obj;
        if (!(obj = OBJ_txt2obj(value, 0))) {
            X509V3err(X509V3_F_V2I_GENERAL_NAME, X509V3_R_BAD_OBJECT);
            ERR_add_error_data(2, "value=", value);
            goto err;
        }
        gen->d.rid = obj;
        type = GEN_RID;
    } else if (!name_cmp(name, "IP")) {
        /* iPAddress: dotted-quad IPv4 only, every octet checked for 0..255 */
        int i1, i2, i3, i4;
        unsigned char ip[4];
        if ((sscanf(value, "%d.%d.%d.%d", &i1, &i2, &i3, &i4) != 4) ||
            (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) ||
            (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255)) {
            X509V3err(X509V3_F_V2I_GENERAL_NAME, X509V3_R_BAD_IP_ADDRESS);
            ERR_add_error_data(2, "value=", value);
            goto err;
        }
        ip[0] = i1; ip[1] = i2; ip[2] = i3; ip[3] = i4;
        if (!(gen->d.ip = M_ASN1_OCTET_STRING_new()) ||
            !ASN1_STRING_set(gen->d.ip, ip, 4)) {
            X509V3err(X509V3_F_V2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        type = GEN_IPADD;
    } else {
        /* otherName, x400Address, directoryName and ediPartyName end up here */
        X509V3err(X509V3_F_V2I_GENERAL_NAME, X509V3_R_UNSUPPORTED_OPTION);
        ERR_add_error_data(2, "name=", name);
        goto err;
    }
    if (is_string) {
        /* email, URI and DNS share one IA5String representation */
        if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
            !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
                             strlen(value))) {
            X509V3err(X509V3_F_V2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE);
            goto err;
        }
    }
    gen->type = type;
    return gen;

err:
    GENERAL_NAME_free(gen);
    return NULL;
}
---
Now I understand why I cannot add a new OID in the subject altname.
But I don't understand these restrictions on the OIDs accepted for subject alt name (email, IP, ...). What are the reasons?

Thank you very much.
PS: I have already sent this mail to the openssl-users mailing list but I haven't received any answer.

Subject Alternative Name : openssl and RFC 2459

2002-05-15 Thread CAMUS Sylvie FTRD/DTL/ISS

Hi

I have read RFC 2459 about Subject Alternative Name. This "Subject Alternative Name" is defined in this way:

  id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }

  SubjectAltName ::= GeneralNames

  GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

  GeneralName ::= CHOICE {
       otherName                       [0]     OtherName,
       rfc822Name                      [1]     IA5String,
       dNSName                         [2]     IA5String,
       x400Address                     [3]     ORAddress,
       directoryName                   [4]     Name,
       ediPartyName                    [5]     EDIPartyName,
       uniformResourceIdentifier       [6]     IA5String,
       iPAddress                       [7]     OCTET STRING,
       registeredID                    [8]     OBJECT IDENTIFIER }

  OtherName ::= SEQUENCE {
       type-id    OBJECT IDENTIFIER,
       value      [0] EXPLICIT ANY DEFINED BY type-id }

  EDIPartyName ::= SEQUENCE {
       nameAssigner            [0]     DirectoryString OPTIONAL,
       partyName               [1]     DirectoryString }

But OpenSSL supports (only) the following GeneralName:
rfc822Name, dNSName, uniformResourceIdentifier, iPAddress, registeredID
Why these restrictions?

Thank you very much
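As an added illustration for both messages in this thread (editor's example, not code from the thread and not OpenSSL code), the following Python script DER-encodes the RFC 2459 GeneralName CHOICE quoted above. It accepts the same "name:value" spellings that v2i_GENERAL_NAME parses (email, DNS, URI, IP, RID) and adds the otherName alternative, which is how a private OID is normally carried in a subjectAltName: the OID goes in type-id and the value travels in the [0] EXPLICIT wrapper, so no new CHOICE alternative is needed. All function names are my own; the "otherName:OID;UTF8:text" spelling is assumed here and mirrors the form that later OpenSSL releases accept. The sample entries and the OID 1.2.3 used under otherName are constructed placeholders.

```python
"""Encode and decode the RFC 2459 GeneralName CHOICE with plain DER (added example)."""


def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag, content):
    """One tag-length-value triple with a single-octet tag."""
    return bytes([tag]) + der_len(len(content)) + content


def encode_oid(dotted):
    """Content octets of an OBJECT IDENTIFIER given in dotted form."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("bad object identifier: " + dotted)
    out = bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = bytearray([arc & 0x7F])  # base-128, high bit set on all but the last octet
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return bytes(out)


def encode_ipv4(text):
    """Four octets; the same 0..255 range check the IP branch of v2i_GENERAL_NAME does."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("bad IP address: " + text)
    return bytes(int(p) for p in parts)


# Context-specific tag octets for the GeneralName CHOICE (implicit tagging):
# 0x80 = context class, 0x20 = constructed, low bits = the [n] from the module.
def general_name(entry):
    """Encode one 'name:value' config entry as a GeneralName."""
    name, _, value = entry.partition(":")
    key = name.lower()
    if key == "email":
        return der_tlv(0x81, value.encode("ascii"))  # rfc822Name [1] IA5String
    if key == "dns":
        return der_tlv(0x82, value.encode("ascii"))  # dNSName [2] IA5String
    if key == "uri":
        return der_tlv(0x86, value.encode("ascii"))  # uniformResourceIdentifier [6]
    if key == "ip":
        return der_tlv(0x87, encode_ipv4(value))  # iPAddress [7] OCTET STRING
    if key == "rid":
        return der_tlv(0x88, encode_oid(value))  # registeredID [8] OBJECT IDENTIFIER
    if key == "othername":
        # Assumed spelling "otherName:OID;UTF8:text"; the OID is the caller's own arc.
        oid, _, rest = value.partition(";")
        if not rest.startswith("UTF8:"):
            raise ValueError("otherName value must be OID;UTF8:text")
        type_id = der_tlv(0x06, encode_oid(oid))
        explicit = der_tlv(0xA0, der_tlv(0x0C, rest[5:].encode("utf-8")))  # value [0] EXPLICIT
        return der_tlv(0xA0, type_id + explicit)  # otherName [0] SEQUENCE, implicitly tagged
    raise ValueError("unsupported GeneralName option: " + name)


def general_names(entries):
    """GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName."""
    if not entries:
        raise ValueError("GeneralNames needs at least one GeneralName")
    return der_tlv(0x30, b"".join(general_name(e) for e in entries))


def subject_alt_name_extension(entries):
    """Extension { extnID id-ce-subjectAltName, extnValue OCTET STRING }, non-critical."""
    ext_id = der_tlv(0x06, encode_oid("2.5.29.17"))
    return der_tlv(0x30, ext_id + der_tlv(0x04, general_names(entries)))


CHOICE_NAMES = {0: "otherName", 1: "rfc822Name", 2: "dNSName", 3: "x400Address",
                4: "directoryName", 5: "ediPartyName",
                6: "uniformResourceIdentifier", 7: "iPAddress", 8: "registeredID"}


def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length octets
        k = length & 0x7F
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + length], pos + length


def list_general_names(der):
    """Walk a GeneralNames SEQUENCE and name each alternative by its context tag."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected a SEQUENCE")
    out, pos = [], 0
    while pos < len(body):
        tag, content, pos = read_tlv(body, pos)
        out.append((CHOICE_NAMES.get(tag & 0x1F, "unknown"), content))
    return out


if __name__ == "__main__":
    # Constructed sample entries; 1.2.3 stands in for a real private arc.
    san = general_names(["email:a@b.fr", "IP:10.0.0.1", "otherName:1.2.3;UTF8:hi"])
    for kind, content in list_general_names(san):
        print(kind, content.hex())
```

The decoder only labels the CHOICE tag; it shows that an unsupported alternative such as x400Address is still a well-formed GeneralName on the wire, so a verifier that meets one has to decide whether to ignore it or reject the certificate rather than assume it cannot occur.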