ASN1 compiler

2005-03-04 Thread Zerg



Hi, all.
For example, I want to generate an ASN1 type of UTF8String with this call:
ASN1_generate_v3(p, ctx)
I pass to this subroutine a string such as "UTF8:". But no correct effect..
I tried to pass correct UTF8 data for the value, having previously converted it from CP1251 to UTF8...
But this call is in some way mangling my UTF8String, adding c3.
Where am I wrong?
Thanks for help..


ASN1 compiler

2005-03-04 Thread Zerg




Please, help..
For example, I want to generate an ASN1 type of UTF8String with this call:
ASN1_generate_v3(p, ctx)
I pass to this subroutine a string such as "UTF8:". But no correct effect..
I tried to pass correct UTF8 data for the value, having previously converted it from CP1251 to UTF8...
But this call is in some way mangling my UTF8String, adding c3.
Where am I wrong?
Thanks for help..
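The "adding c3" symptom in the post above, as an added example that is not part of the original post and not OpenSSL code: ASN1_generate_v3 reads a string value in ASCII format by default, one character per byte, so bytes that are already UTF-8 get encoded a second time, while the `FORMAT:UTF8` modifier (as in `FORMAT:UTF8,UTF8:...`) declares the value as UTF-8 already. The function names and the sample bytes below are constructed for illustration, and `bytes_as_chars_to_utf8` only models the one-byte-per-character reading.

```c
#include <stdio.h>
#include <stddef.h>

/* Write code point cp (below 0x800) as UTF-8; returns the byte count. */
static size_t put_utf8(unsigned cp, unsigned char *out) {
    if (cp < 0x80) { out[0] = (unsigned char)cp; return 1; }
    out[0] = (unsigned char)(0xC0 | (cp >> 6));
    out[1] = (unsigned char)(0x80 | (cp & 0x3F));
    return 2;
}

/* CP1251 -> UTF-8 for ASCII and the letters 0xC0..0xFF (U+0410..U+044F).
   Returns 0 on any other byte; out must hold 2*n bytes. */
size_t cp1251_to_utf8(const unsigned char *in, size_t n, unsigned char *out) {
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        if (in[i] < 0x80) o += put_utf8(in[i], out + o);
        else if (in[i] >= 0xC0) o += put_utf8(0x410u + (in[i] - 0xC0u), out + o);
        else return 0;
    }
    return o;
}

/* Model of the one-byte-per-character reading: each input byte is taken as a
   code point 0..255 and encoded as UTF-8, so bytes >= 0x80 gain a c2/c3 lead. */
size_t bytes_as_chars_to_utf8(const unsigned char *in, size_t n, unsigned char *out) {
    size_t o = 0;
    for (size_t i = 0; i < n; i++) o += put_utf8(in[i], out + o);
    return o;
}

static void dump(const char *label, const unsigned char *b, size_t n) {
    printf("%s", label);
    for (size_t i = 0; i < n; i++) printf(" %02x", b[i]);
    printf("\n");
}

int main(void) {
    const unsigned char cp1251[] = { 0xCF, 0xF0, 0xE8 }; /* constructed sample */
    unsigned char utf8[8], mangled[16];
    size_t u = cp1251_to_utf8(cp1251, sizeof cp1251, utf8);
    size_t m = bytes_as_chars_to_utf8(utf8, u, mangled);
    dump("UTF-8 from CP1251:     ", utf8, u);
    dump("read one byte per char:", mangled, m);
    return 0;
}
```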


Re: ?ASN1 stuff

2005-03-03 Thread Zerg
Hi, all.
Sorry for my English.
Please help me to clarify the use of such an ASN1 structure in
RDNSequence and in SubjectDirectoryAttributes.
Why do they have different ASN1 structures, if they play the same role but in
different contexts?

For what reason is there a SET OF? OpenSSL always used only one SEQ in
every SET.
Why is it used? If the standard omitted it, what effect would this have?

 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
 RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
 AttributeTypeAndValue ::= SEQUENCE {
     type  AttributeType,
     value AttributeValue }

 SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
 Attribute ::= SEQUENCE {
     type   AttributeType,
     values SET OF AttributeValue }

Why is SET OF used exactly in this place instead of its place in the previous
ASN1 structure?
By the way, does OpenSSL support the SubjectDirectoryAttributes
extension? If not, what is the most painless way this can be done?



__
OpenSSL Project                  http://www.openssl.org
User Support Mailing List        openssl-users@openssl.org
Automated List Manager           [EMAIL PROTECTED]


Re: Job Opportunity

2005-03-03 Thread Zerg
Hi.
We have such an ASN structure...
I am calling PRIVATEKEY_new(). Is the memory allocated for all the members of
this structure?
The same question for PRIVATEKEY_free().
And what do I have to write in the callback, in case of using ASN1_SEQUENCE_cb, to
allocate all needed memory for this structure at once?

    ASN1_SEQUENCE(PRIVATEKEY) = {
        ASN1_SIMPLE(PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
        ASN1_EXP_OPT(PRIVATEKEY, parameters, PKPARAMETERS, 0),
        ASN1_EXP_OPT(PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
    } ASN1_SEQUENCE_END(PRIVATEKEY)

    DECLARE_ASN1_FUNCTIONS_const(PRIVATEKEY)
    DECLARE_ASN1_ENCODE_FUNCTIONS_const(PRIVATEKEY, PRIVATEKEY)
    IMPLEMENT_ASN1_FUNCTIONS_const(PRIVATEKEY)

Thanks.




Allocate memory at once

2005-03-03 Thread Zerg
Hi.
We have such an ASN structure...
I am calling PRIVATEKEY_new(). Is the memory allocated for all the members of
this structure?
The same question for PRIVATEKEY_free().
And what do I have to write in the callback, in case of using ASN1_SEQUENCE_cb, to
allocate all needed memory for this structure at once?

    ASN1_SEQUENCE(PRIVATEKEY) = {
        ASN1_SIMPLE(PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
        ASN1_EXP_OPT(PRIVATEKEY, parameters, PKPARAMETERS, 0),
        ASN1_EXP_OPT(PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
    } ASN1_SEQUENCE_END(PRIVATEKEY)

    DECLARE_ASN1_FUNCTIONS_const(PRIVATEKEY)
    DECLARE_ASN1_ENCODE_FUNCTIONS_const(PRIVATEKEY, PRIVATEKEY)
    IMPLEMENT_ASN1_FUNCTIONS_const(PRIVATEKEY)

Thanks.





ASN1 stuff

2005-03-02 Thread Zerg
Hi, all.
Sorry for my English.
Please help me to clarify the use of such an ASN1 structure in
RDNSequence and in SubjectDirectoryAttributes.
Why do they have different ASN1 structures, if they play the same role but in
different contexts?

For what reason is there a SET OF? OpenSSL always used only one SEQ in
every SET.
Why is it used? If the standard omitted it, what effect would this have?

 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
 RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
 AttributeTypeAndValue ::= SEQUENCE {
     type  AttributeType,
     value AttributeValue }

 SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
 Attribute ::= SEQUENCE {
     type   AttributeType,
     values SET OF AttributeValue }

Why is SET OF used exactly in this place instead of its place in the previous
ASN1 structure?
By the way, does OpenSSL support the SubjectDirectoryAttributes
extension? If not, what is the most painless way this can be done?




Re: Using libcrypto in a shared library

2005-02-03 Thread Zerg



Maybe "export" will help you.
export LD_LIBRARY_PATH=$(pwd):/usr/local/ssl/lib



Different values when parsing extensions

2004-12-13 Thread Zerg
Hi all.
I add such an extension to a CSR with a config file:
 authorityInfoAccess = CA Issuers;email:[EMAIL PROTECTED]
parsing my config file and
using the X509V3_EXT_REQ_add_conf call,

but when I manually parsed the request with this code

    /* ext is the authorityInfoAccess extension;
       needs <stdio.h> and <openssl/x509v3.h> */
    method = X509V3_EXT_get(ext);
    p = ext->value->data;
    /* decode the extension's DER value into its internal structure */
    if (method->it)
        ext_str = ASN1_item_d2i(NULL, &p, ext->value->length,
                                ASN1_ITEM_ptr(method->it));
    else
        ext_str = method->d2i(NULL, &p, ext->value->length);
    /* convert the structure to name/value pairs and print them */
    if (method->i2v)
        if ((nval = method->i2v(method, ext_str, NULL)))
        {
            for (j = 0; j < sk_CONF_VALUE_num(nval); j++)
            {
                valcnf = sk_CONF_VALUE_value(nval, j);
                printf("%s:%s\n", valcnf->name, valcnf->value);
            }
        }

I got the following value of this extension:
CA Issuers - email:[EMAIL PROTECTED]

valcnf->name = CA Issuers - email
valcnf->value = [EMAIL PROTECTED]

but I need the value CA Issuers;email:[EMAIL PROTECTED]! The value that I
have assumed in the config file.
By the way, when I copy CA Issuers - email:[EMAIL PROTECTED] to the config
file:
authorityInfoAccess = CA Issuers - email:[EMAIL PROTECTED]
 X509V3_EXT_REQ_add_conf comes into obscurity.
The same situation with keyUsage: I write keyCertSign to the config,
and I get Certificate Sign. How do I get the same value
that I have put in the config file?
Any suggestions?



Re: Different values when parsing extensions

2004-12-13 Thread Zerg
> The textual representation is a human readable version of the encoded
> extension: in general it isn't the same format as used in the config file
> (which is less readable and restricted in various ways).
>
> What are you trying to do?

The whole task is a CA.
I have to implement some additional functions for PHP that work with openssl.
I have a function that constructs the CSR; one of the arguments is an array of
extensions in this format (the format of the config file):
keyUsage=cRLSign,keyCertSign
basicConstraints=critical,CA:true,
extendedKeyUsage=OCSPSigning,codeSigning,
authorityInfoAccess =caIssuers;email:[EMAIL PROTECTED],
certificatePolicies=1.3.6.1.4.1.20781.1.1
The CSR can be formed by the client and is then transferred to the RA. At this moment
there has to be the possibility to change the CSR (if it is incorrect). After
changing, the unsigned CSR (we don't know the private key of the client) is
resent to the CA.
Changing the CSR requires parsing it first, then forming the new CSR with the
mentioned function.
After parsing the CSR I want to get an associative array and then pass this
array to the function that constructs the new CSR.
The format of the extensions argument must correspond in these two
functions.
How can I achieve this?
Thank you for help.




Certificate revocation REQUEST

2004-12-10 Thread Zerg
Hi all.
It is needed to send from the client to the server a request for revoking or
holding the client's certificate.
My chief wants this request for revocation to be signed with the client's
certificate, and then it would be checked for the signature and processed
properly on the server's side.
I know that there is no certificate revocation request in OpenSSL.
Is there a possibility of using standard features such as CSR, CRL
instead of the non-existent CRR?
Any suggestions?



Config file

2004-11-17 Thread Zerg
Hi.
Is it possible to write to config file with CONF API?



[no subject]

2004-11-10 Thread zerg
Hi.
I have such a problem.
The client side needs to get a certificate from the server side.
But there is no possibility to generate a certificate request on the client.
So the server has to do it by itself.
The client sends all the required data for creating the request except the private key
of the key pair! The server is assured that the pair is valid by an organizational
method. Is there an opportunity to create an unsigned request and then to
generate the certificate from it without the request verification? What
ways are there to do it?
Sorry for bad English.


Hello

2004-11-01 Thread zerg
