ASN1 compiler
Hi,all. For example I want to generate ASN1 type of UTF8String by this call ASN1_generate_v3(p, ctx) I pass to this subroutingsuch string "UTF8:". But no correct effect.. I 'tried to pass for the value the correct UTF8 data,previously had converted it from CP1251 to UTF8... But this call in some way is mangling my UTF8String, adding c3 Where Iam wrong? Thanks for help..
ASN1 compiler
Please, help.. For example I want to generate ASN1 type of UTF8String by this call ASN1_generate_v3(p, ctx) I pass to this subroutingsuch string "UTF8:". But no correct effect.. I 'tried to pass for the value the correct UTF8 data,previously had converted it from CP1251 to UTF8... But this call in some way is mangling my UTF8String, adding c3 Where Iam wrong? Thanks for help..
Re: ?ASN1 stuff
Hi,all.
Sorry for my english.
Please help me to clarify the using of the such ASN1 structure in
RDNSequence and in SubjectDirectoryAttributes.
Why do they have different ASN1 structure, if they play the same role but in
different contexts.
For what reason there is SET OF? OpenSSL always used only one SEQ in
every SET.
Why is it used?.If standart would omit, what effect this can has?
RDNSequence : := SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName : := SET OF AttributeTypeAndValue
AttributeTypeAndValue: := SEQUENCE {
type AttributeType,
value AttributeValue}
SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF
Attribute
Attribute ::= SEQUENCE {
type Attributetype,
valuesSET OF AttributeValue } Why SET OF is used exactly in this
place instead of place of previous ASN1 Structure.
By the way, does OpenSSL support of SubjectDirectoryAttributes
extension?If not,In what the most painless way this can be done?
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Job Opportunity
Hi.
We have such ASN structre...
I am doing PRIVATEKEY_new(). Is the memory allocated for all the member of
this structure?
The same question to PRIVATEKEY_free().
And what I have to write in callback in case of using ASN1_SEQUENCE_cb to
allocate all nedeed memory for this structure at once.
ASN1_SEQUENCE(PRIVATEKEY) = {
ASN1_SIMPLE(PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
ASN1_EXP_OPT(PRIVATEKEY, parameters,PKPARAMETERS, 0),
ASN1_EXP_OPT(PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
} ASN1_SEQUENCE_END(PRIVATEKEY)
DECLARE_ASN1_FUNCTIONS_const(PRIVATEKEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(PRIVATEKEY, PRIVATEKEY)
IMPLEMENT_ASN1_FUNCTIONS_const(PRIVATEKEY)
Thanks.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Allocate memory at once
Hi.
We have such ASN structre...
I am doing PRIVATEKEY_new(). Is the memory allocated for all the member of
this structure?
The same question to PRIVATEKEY_free().
And what I have to write in callback in case of using ASN1_SEQUENCE_cb to
allocate all nedeed memory for this structure at once.
ASN1_SEQUENCE(PRIVATEKEY) = {
ASN1_SIMPLE(PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
ASN1_EXP_OPT(PRIVATEKEY, parameters,PKPARAMETERS, 0),
ASN1_EXP_OPT(PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
} ASN1_SEQUENCE_END(PRIVATEKEY)
DECLARE_ASN1_FUNCTIONS_const(PRIVATEKEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(PRIVATEKEY, PRIVATEKEY)
IMPLEMENT_ASN1_FUNCTIONS_const(PRIVATEKEY)
Thanks.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
ASN1 stuff
Hi,all.
Sorry for my english.
Please help me to clarify the using of the such ASN1 structure in
RDNSequence and in SubjectDirectoryAttributes.
Why do they have different ASN1 structure, if they play the same role but in
different contexts.
For what reason there is SET OF? OpenSSL always used only one SEQ in
every SET.
Why is it used?.If standart would omit, what effect this can has?
RDNSequence : := SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName : := SET OF AttributeTypeAndValue
AttributeTypeAndValue: := SEQUENCE {
type AttributeType,
value AttributeValue}
SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF
Attribute
Attribute ::= SEQUENCE {
type Attributetype,
valuesSET OF AttributeValue } Why SET OF is used exactly in this
place instead of place of previous ASN1 Structure.
By the way, does OpenSSL support of SubjectDirectoryAttributes
extension?If not,In what the most painless way this can be done?
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Using libcrypto in a shared library
May be "export" will help you. export LD_LIBRARY_PATH=$(pwd):/usr/local/ssl/lib
Different values when parsing extensions
Hi all.
I add the such extension to CSR with config file
authorityInfoAccess = CA Issuers;email:[EMAIL PROTECTED]
parsing my config file and
using X509V3_EXT_REQ_add_confcall
but when I have manualy parsed the request with such code
ext - authorityInfoAccess extension
method = X509V3_EXT_get(ext);
p = ext-value-data;
if(method-it) ext_str = ASN1_item_d2i(NULL, p, ext-value-length,
ASN1_ITEM_ptr(method-it));
else ext_str = method-d2i(NULL, p, ext-value-length);
if(method-i2v)
if(!(nval = method-i2v(method, ext_str, NULL)))
{
for (j = 0; j sk_CONF_VALUE_num(nval); j++)
{
valcnf = sk_CONF_VALUE_value(nval, j);
printf(%s:%s\n,valcnf-name,valcnf-value);
}
}
and I've got the next value of this extension:
CA Issuers - email:[EMAIL PROTECTED]
valcnf-name = CA Issuers - email
valcnf-value = [EMAIL PROTECTED]
but I need that value CA Issuers;email:[EMAIL PROTECTED]!The value that I
have assumed in config file.
By the way, when I copying CA Issuers - email:[EMAIL PROTECTED] to config
file:
authorityInfoAccess = CA Issuers - email:[EMAIL PROTECTED]
X509V3_EXT_REQ_add_conf come into obscurity.
The same situation with keyUsage, I am writing to config -
keyCertSign, and I've got Certificate Sign.How to get the same value
with that I've pointed in the config file?
Any suggestions?
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Different values when parsing extensions
The textual representation is a human readable version of the encoded extension: in general it isn't the same format as used in the config file (which is less readable and restricted in various ways). What are you trying to do? The hole task is CA. I have to implement some additional function to PHP that works with openssl. I have function that construct ther CSR, one of arguments is array of extensions in such format (format of config file) keyUsage=cRLSign,keyCertSign basicConstraints=critical,CA:true, extendedKeyUsage=OCSPSigning,codeSigning, authorityInfoAccess =caIssuers;email:[EMAIL PROTECTED], certificatePolicies=1.3.6.1.4.1.20781.1.1 The CSR can be formed by client and than is transfered to RA.In this moment there have to be the possibility to change the CSR(if it incorrect). After changing, nonsigned CSR(we don't know the private key of client) is resending to CA. To change the CSR require to parse it first, then form the new CSR with mentioned function. I want after parsing the CSR get the associative massive and than pass this massive to function that constructing new CSR. The format of argument-extensions must be corresponding in this two functions. How way can I archieve this? Thank you for help. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Certificate revocation REQUEST
Hi all. It is nedeed to send from client to server the request for revoking or holding the client's certificate. My chief want that this request for revocation was signed with client's certificate and then it would be checked for signature and proccessed propely on server's side. I am known that there is no certificate revocation request in OpenSSL. Is there the possibility of usage standart features such as CSR,CRL instead of not existing CRR? Any suggestion ? __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Config file
Hi. Is it possible to write to config file with CONF API? __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[no subject]
Hi. I have such problem. The client side need to get certificate from server side. But there is no possibility to generate a certificate request on client. So the server have to do it by itself. Client send all the required data for creating request except private key of key pair!Server is assured that pair is valid by organizational method. Is there the opportunity to create not signed request and then to generate from it the certificate without the request verification. What ways are to do it? Sorry for bad english. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Hello
-- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
