Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?

2017-05-09 Thread Matthias Ballreich
Thanks for reply.
Ohh that's bad news. So I will have a look at the various d2i_XXX and i2d_XXX 
functions you mentioned.


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?

2017-05-09 Thread Matthias Ballreich
I will take a look at it. Thanks.
Can you explain a little bit more what you mean by "You can either add a 
custom extension or just parse the structure from the extension contents."?







Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?

2017-05-09 Thread Dr. Stephen Henson
On Tue, May 09, 2017, Matthias Ballreich wrote:

> Here are now some more details, which may help you to better understand.
> 
> 
> My Certificate contains the SubjectDirectoryAttributes-Extension with the 
> following Attributes:
> 
> OID                                       : Value
> ---
> (1.3.6.1.5.5.7.9.4) countryOfCitizenship  : DE
> (1.3.6.1.5.5.7.9.3) gender                : F
> (1.3.6.1.5.5.7.9.1) dateOfBirth           : 1971-10-14 12:00:00 UTC
> (1.3.6.1.5.5.7.9.2) placeOfBirth          : Darmstadt
> 
> So I want to get these pairs of OID and Value.
> 
> I found no Struct like SUBJECT_DIRECTORY_ATTRIBUTES in the Source-Code I can 
> use. I got the Extension this way:
> 
> int loc = X509_get_ext_by_NID(certificate, NID_subject_directory_attributes, -1);
> X509_EXTENSION *ex = X509_get_ext(certificate, loc);
> 
> But how can I then get all the data, which means all the OIDs and Values to 
> the OIDs? The ASN.1 Structure is:
> 
> SubjectDirectoryAttributes ::= Attributes
> 
> Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
> 
> Attribute ::= SEQUENCE
> {
>     type AttributeType,
>     values SET OF AttributeValue
> }
> 
> AttributeType ::= OBJECT IDENTIFIER
> AttributeValue ::= ANY DEFINED BY AttributeType
> 
> I found out that I get a custom extension with: X509_EXTENSION_get_object(ex) 
> and that the OpenSSL-Type X509_NAME_ENTRY is the equivalent to the 
> ASN.1-Structure Attribute resp. AttributeTypeAndValue. So I tried to cast the 
> result of X509_EXTENSION_get_data(ex) to a STACK_OF(X509_NAME_ENTRY) and to 
> X509_NAME. But X509_NAME is the same as STACK_OF(X509_NAME_ENTRY).
> 
> Then I tried to get the number of attributes by calling the 
> sk_X509_NAME_ENTRY_num() function on the STACK_OF(X509_NAME_ENTRY) resp. 
> X509_NAME.entries, but I did not get the right number. I expect to get the 
> number 3 or 4 (don't know the exact internal counting - but the example cert 
> contains 4 Attributes, so the output should be 3 or 4 depending on whether 
> the counting starts at 0 or 1). But instead of 3 or 4 I got a much larger 
> number like 34335029 and this number is different every time I run the code. 
> So I think there is a problem with the casting or I did not choose the right 
> Data-Type(s).
> 
> I'm using OpenSSL 1.0.2j.
> 
> So what's wrong and how can I fix it? - Thanks in advance!
> 

Looks like the type isn't X509_NAME_ENTRY but X509_ATTRIBUTE and the extension
is a SEQUENCE OF Attribute. We don't have the direct equivalent as a specific
type IIRC but it isn't hard to add one; just follow what is done for
GENERAL_NAMES which is a SEQUENCE OF GENERAL_NAME.

You can either add a custom extension or just parse the structure from the
extension contents.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
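
Added example (not part of the reply above and not OpenSSL code): "parse the structure from the extension contents" means treating the bytes held in the ASN1_OCTET_STRING returned by X509_EXTENSION_get_data() as DER and decoding them, rather than casting that pointer to a stack type. The sketch walks a SEQUENCE OF Attribute with bounds checks in plain C, without OpenSSL calls, so that it compiles on its own. The names sda_attr and sda_parse are hypothetical, and the SAMPLE bytes are constructed from the countryOfCitizenship and gender rows given in the thread.

```c
/* Added example: sda_attr and sda_parse are hypothetical names, not OpenSSL API. */
#include <string.h>

struct sda_attr { const char *name; int vtag; const unsigned char *val; size_t vlen; };

/* DER content bytes of 1.3.6.1.5.5.7.9; the final arc 1..4 selects the name. */
static const unsigned char ID_PDA[] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x09};
static const char *PDA_NAME[] = {"dateOfBirth", "placeOfBirth", "gender", "countryOfCitizenship"};

/* Read one DER header inside [*p, end); returns the tag, or -1 if malformed. */
static int der_hdr(const unsigned char **p, const unsigned char *end, size_t *len) {
    if (end - *p < 2) return -1;
    int tag = *(*p)++;
    size_t l = *(*p)++;
    if (l & 0x80) {                          /* long form; indefinite (0x80) rejected */
        size_t n = l & 0x7f;
        if (n == 0 || n > 2 || (size_t)(end - *p) < n) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | *(*p)++;
    }
    if ((size_t)(end - *p) < l) return -1;   /* content must fit in the buffer */
    *len = l;
    return tag;
}

/* Decode SEQUENCE OF Attribute { OID, SET OF value }, keeping the first value
 * of each SET. Returns the attribute count, or -1 on malformed input. */
int sda_parse(const unsigned char *der, size_t n, struct sda_attr *out, int max) {
    const unsigned char *p = der, *end = der + n, *aend;
    size_t len;
    int cnt = 0;
    if (der_hdr(&p, end, &len) != 0x30 || p + len != end) return -1;
    while (p < end) {
        if (cnt == max || der_hdr(&p, end, &len) != 0x30) return -1;
        aend = p + len;                      /* end of this Attribute */
        if (der_hdr(&p, aend, &len) != 0x06) return -1;
        int known = len == 8 && !memcmp(p, ID_PDA, 7) && p[7] >= 1 && p[7] <= 4;
        out[cnt].name = known ? PDA_NAME[p[7] - 1] : "unknown";
        p += len;
        if (der_hdr(&p, aend, &len) != 0x31 || p + len != aend) return -1;
        if ((out[cnt].vtag = der_hdr(&p, aend, &out[cnt].vlen)) < 0) return -1;
        out[cnt++].val = p;                  /* points into the caller's buffer */
        p = aend;
    }
    return cnt;
}

/* Constructed sample: extension contents for the DE and F attributes only. */
static const unsigned char SAMPLE[] = {0x30, 0x23,
    0x30,0x10, 0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x09,0x04, 0x31,0x04,0x13,0x02,'D','E',
    0x30,0x0f, 0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x09,0x03, 0x31,0x03,0x13,0x01,'F'};
```

In a program using OpenSSL, the input to such a parser would be the octet string's data pointer and length; the returned val pointers stay valid only as long as that buffer does.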


Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?

2017-05-09 Thread Salz, Rich via openssl-users
That attribute is not currently supported.

Someone would have to write ASN1 parsing code.  There are examples all over the 
place within OpenSSL; see the various d2i_XXX and i2d_XXX functions.  There are 
macro/define’s available to make the job easier.  But, it is not really 
documented.

Maybe there are other people here who are interested, and could write the code 
and make a pull request on GitHub.

I doubt the team will get to it quickly.  Sorry, but I just want to be 
realistic.

--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz


Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?

2017-05-09 Thread Matthias Ballreich
Here are now some more details, which may help you to better understand.


My Certificate contains the SubjectDirectoryAttributes-Extension with the 
following Attributes:

OID                                       : Value
---
(1.3.6.1.5.5.7.9.4) countryOfCitizenship  : DE
(1.3.6.1.5.5.7.9.3) gender                : F
(1.3.6.1.5.5.7.9.1) dateOfBirth           : 1971-10-14 12:00:00 UTC
(1.3.6.1.5.5.7.9.2) placeOfBirth          : Darmstadt

So I want to get these pairs of OID and Value.

I found no Struct like SUBJECT_DIRECTORY_ATTRIBUTES in the Source-Code I can 
use. I got the Extension this way:

int loc = X509_get_ext_by_NID(certificate, NID_subject_directory_attributes, -1);
X509_EXTENSION *ex = X509_get_ext(certificate, loc);

But how can I then get all the data, which means all the OIDs and Values to the 
OIDs? The ASN.1 Structure is:

SubjectDirectoryAttributes ::= Attributes

Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute

Attribute ::= SEQUENCE
{
    type AttributeType,
    values SET OF AttributeValue
}

AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType

I found out that I get a custom extension with: X509_EXTENSION_get_object(ex) 
and that the OpenSSL-Type X509_NAME_ENTRY is the equivalent to the 
ASN.1-Structure Attribute resp. AttributeTypeAndValue. So I tried to cast the 
result of X509_EXTENSION_get_data(ex) to a STACK_OF(X509_NAME_ENTRY) and to 
X509_NAME. But X509_NAME is the same as STACK_OF(X509_NAME_ENTRY).

Then I tried to get the number of attributes by calling the 
sk_X509_NAME_ENTRY_num() function on the STACK_OF(X509_NAME_ENTRY) resp. 
X509_NAME.entries, but I did not get the right number. I expect to get the 
number 3 or 4 (don't know the exact internal counting - but the example cert 
contains 4 Attributes, so the output should be 3 or 4 depending on whether the 
counting starts at 0 or 1). But instead of 3 or 4 I got a much larger number 
like 34335029 and this number is different every time I run the code. So I think 
there is a problem with the casting or I did not choose the right Data-Type(s).

I'm using OpenSSL 1.0.2j.

So what's wrong and how can I fix it? - Thanks in advance!

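Here is a short excerpt of my code:
X509_EXTENSION *ex = X509_get_ext(certificate, loc);

// first attempt: cast the extension data to a stack of name entries
STACK_OF(X509_NAME_ENTRY) *st = (STACK_OF(X509_NAME_ENTRY)*) X509_EXTENSION_get_data(ex);
printf("%d\n", sk_X509_NAME_ENTRY_num(st));

// or alternative: cast the extension data to an X509_NAME

X509_NAME *name = (X509_NAME*) X509_EXTENSION_get_data(ex);
printf("%d\n", sk_X509_NAME_ENTRY_num(name->entries));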

Here i append the certificate if you need it. It's from the RFC specification:






[openssl-users] C++ How to parse Subject Directory Attributes Extension?

2017-04-30 Thread Matthias Ballreich
Hi there,


can anyone tell me how to parse the Subject Directory Attribute Extension of 
an X509-Certificate in C++ with OpenSSL? I didn't find any documentation or 
piece of code in the GitHub Repo of OpenSSL.


I read the Extension this way:

int loc = X509_get_ext_by_NID(cert, NID_subject_directory_attributes, -1);
X509_EXTENSION *ex = X509_get_ext(cert, loc);

But I am stuck on how to continue and get the TypeValue-Stuff.
Would be very helpful if someone can help me.

thanks and best regards
Matthias
