Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?
Thanks for the reply. Ohh that's bad news. So I will have a look at the various d2i_XXX and i2d_XXX functions you mentioned.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On behalf of Salz, Rich via openssl-users
Sent: Tuesday, 9 May 2017 15:55
To: openssl-users@openssl.org
Subject: Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?

That attribute is not currently supported. Someone would have to write ASN1 parsing code. There are examples all over the place within OpenSSL; see the various d2i_XXX and i2d_XXX functions. There are macro/define's available to make the job easier. But, it is not really documented.

Maybe there are other people here who are interested, and could write the code and make a pull request on GitHub. I doubt the team will get to it quickly. Sorry, but I just want to be realistic.

--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?
I will take a look at it. Thanks.

Can you explain a little bit more what you mean with "You can either add a custom extension or just parse the structure from the extension contents."?

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On behalf of Dr. Stephen Henson
Sent: Tuesday, 9 May 2017 18:06
To: openssl-users@openssl.org
Subject: Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?

On Tue, May 09, 2017, Matthias Ballreich wrote:

> Here are now some more details, which may help you to better understand.
>
> My Certificate contains the SubjectDirectoryAttributes-Extension with the
> following Attributes:
>
> OID : Value
> ---
> (1.3.6.1.5.5.7.9.4) countryOfCitizenship : DE
> (1.3.6.1.5.5.7.9.3) gender: F
> (1.3.6.1.5.5.7.9.1) dateOfBirth : 1971-10-14 12:00:00 UTC
> (1.3.6.1.5.5.7.9.2) placeOfBirth : Darmstadt
>
> So I want to get these pairs of OID and Value.
>
> I found no Struct like SUBJECT_DIRECTORY_ATTRIBUTES in the Source-Code I can
> use. I got the Extension this way:
>
> int loc = X509_get_ext_by_NID(certificate, NID_subject_directory_attributes, -1);
> X509_EXTENSION *ex = X509_get_ext(certificate, loc);
>
> But how can I then get all the data, which means all the OIDs and Values to
> the OIDs? The ASN.1 Structure is:
>
> SubjectDirectoryAttributes ::= Attributes
>
> Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
>
> Attribute ::= SEQUENCE
> {
>     type AttributeType,
>     values SET OF AttributeValue
> }
>
> AttributeType ::= OBJECT IDENTIFIER
> AttributeValue ::= ANY DEFINED BY AttributeType
>
> I found out that I get a custom extension with: X509_EXTENSION_get_object(ex)
> and that the OpenSSL-Type X509_NAME_ENTRY is the equivalent to the
> ASN.1-Structure Attribute resp. AttributeTypeAndValue. So I tried to cast the
> result of X509_EXTENSION_get_data(ex) to a STACK_OF(X509_NAME_ENTRY) and to
> X509_NAME. But X509_NAME is the same as STACK_OF(X509_NAME_ENTRY).
>
> Then I tried to get the number of attributes by calling the
> sk_X509_NAME_ENTRY_num() function on the STACK_OF(X509_NAME_ENTRY) resp.
> X509_NAME.entries, but I did not get the right number. I expect to get the
> number 3 or 4 (don't know the exact internal counting - but the example cert
> contains 4 Attributes, so the output should be 3 or 4 depending on whether
> the counting starts at 0 or 1). But instead of 3 or 4 I got a much larger
> number like 34335029 and this number is different every time I run the code.
> So I think there is a problem with the casting or I did not choose the right
> Data-Type(s).
>
> I'm using OpenSSL 1.0.2j.
>
> So what's wrong and how can I fix it? - Thanks in advance!

Looks like the type isn't X509_NAME_ENTRY but X509_ATTRIBUTE and the extension is a SEQUENCE OF Attribute. We don't have the direct equivalent as a specific type IIRC but it isn't hard to add one: just follow what is done for GENERAL_NAMES which is a SEQUENCE OF GENERAL_NAME.

You can either add a custom extension or just parse the structure from the extension contents.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?
On Tue, May 09, 2017, Matthias Ballreich wrote:

> Here are now some more details, which may help you to better understand.
>
> My Certificate contains the SubjectDirectoryAttributes-Extension with the
> following Attributes:
>
> OID : Value
> ---
> (1.3.6.1.5.5.7.9.4) countryOfCitizenship : DE
> (1.3.6.1.5.5.7.9.3) gender: F
> (1.3.6.1.5.5.7.9.1) dateOfBirth : 1971-10-14 12:00:00 UTC
> (1.3.6.1.5.5.7.9.2) placeOfBirth : Darmstadt
>
> So I want to get these pairs of OID and Value.
>
> I found no Struct like SUBJECT_DIRECTORY_ATTRIBUTES in the Source-Code I can
> use. I got the Extension this way:
>
> int loc = X509_get_ext_by_NID(certificate, NID_subject_directory_attributes, -1);
> X509_EXTENSION *ex = X509_get_ext(certificate, loc);
>
> But how can I then get all the data, which means all the OIDs and Values to
> the OIDs? The ASN.1 Structure is:
>
> SubjectDirectoryAttributes ::= Attributes
>
> Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
>
> Attribute ::= SEQUENCE
> {
>     type AttributeType,
>     values SET OF AttributeValue
> }
>
> AttributeType ::= OBJECT IDENTIFIER
> AttributeValue ::= ANY DEFINED BY AttributeType
>
> I found out that I get a custom extension with: X509_EXTENSION_get_object(ex)
> and that the OpenSSL-Type X509_NAME_ENTRY is the equivalent to the
> ASN.1-Structure Attribute resp. AttributeTypeAndValue. So I tried to cast the
> result of X509_EXTENSION_get_data(ex) to a STACK_OF(X509_NAME_ENTRY) and to
> X509_NAME. But X509_NAME is the same as STACK_OF(X509_NAME_ENTRY).
>
> Then I tried to get the number of attributes by calling the
> sk_X509_NAME_ENTRY_num() function on the STACK_OF(X509_NAME_ENTRY) resp.
> X509_NAME.entries, but I did not get the right number. I expect to get the
> number 3 or 4 (don't know the exact internal counting - but the example cert
> contains 4 Attributes, so the output should be 3 or 4 depending on whether
> the counting starts at 0 or 1). But instead of 3 or 4 I got a much larger
> number like 34335029 and this number is different every time I run the code.
> So I think there is a problem with the casting or I did not choose the right
> Data-Type(s).
>
> I'm using OpenSSL 1.0.2j.
>
> So what's wrong and how can I fix it? - Thanks in advance!

Looks like the type isn't X509_NAME_ENTRY but X509_ATTRIBUTE and the extension is a SEQUENCE OF Attribute. We don't have the direct equivalent as a specific type IIRC but it isn't hard to add one: just follow what is done for GENERAL_NAMES which is a SEQUENCE OF GENERAL_NAME.

You can either add a custom extension or just parse the structure from the extension contents.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
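The second option in the reply above (parse the structure from the extension contents), sketched as an added example that is not code from the thread or from OpenSSL: a dependency-free, bounds-checked DER walk over SEQUENCE OF Attribute. X509_EXTENSION_get_data() returns an ASN1_OCTET_STRING holding the still-encoded bytes, so they have to be decoded rather than cast. Assumptions: the names u8, tlv, parse_sda and struct attr are invented for this example, and the byte string is constructed to encode the four attributes listed in the question; in a real program the input would be that octet string's data and length.

```c
#include <string.h>
typedef unsigned char u8;
/* Example-only names. Constructed sample: DER extension value for the thread's four attributes. */
#define PDA "\x06\x08\x2b\x06\x01\x05\x05\x07\x09"   /* OID header + 1.3.6.1.5.5.7.9 */
static const u8 SDA_DER[] = "\x30\x5b"
    "\x30\x10" PDA "\x04\x31\x04\x13\x02" "DE"
    "\x30\x0f" PDA "\x03\x31\x03\x13\x01" "F"
    "\x30\x1d" PDA "\x01\x31\x11\x18\x0f" "19711014120000Z"
    "\x30\x17" PDA "\x02\x31\x0b\x0c\x09" "Darmstadt";
enum { SDA_LEN = sizeof SDA_DER - 1 };               /* drop the literal's trailing NUL */

struct attr { int pda, vtag; char value[32]; };  /* id-pda arc (0: other OID), value tag, value */

/* Read one TLV from [*p,end). Returns its tag, or -1 if it does not fit in the parent. */
static int tlv(const u8 **p, const u8 *end, const u8 **body, size_t *len)
{
    const u8 *q = *p;
    size_t h = 2, n;                             /* h: header length in bytes */
    if (end - q < 2 || (q[0] & 0x1f) == 0x1f) return -1;   /* no multi-byte tags */
    n = q[1];
    if (n == 0x81) {                             /* one-byte long-form length */
        if (end - q < 3 || q[2] < 0x80) return -1;   /* DER: length must be minimal */
        n = q[2]; h = 3;
    } else if (n >= 0x80) return -1;             /* longer forms not handled here */
    if ((size_t)(end - q) - h < n) return -1;    /* body must lie inside the parent */
    *body = q + h; *len = n; *p = q + h + n;
    return q[0];
}

/* Walk SEQUENCE OF Attribute, keeping the first value of each SET; -1 if malformed. */
int parse_sda(const u8 *der, size_t derlen, struct attr *out, int max)
{
    const u8 *p = der, *end = der + derlen, *seq, *a, *aend, *oid, *set, *val;
    size_t sl, al, ol, tl, vl;
    int n = 0;
    if (tlv(&p, end, &seq, &sl) != 0x30 || p != end) return -1;   /* no trailing bytes */
    for (p = seq; p < end; n++) {
        if (n == max || tlv(&p, end, &a, &al) != 0x30) return -1;
        aend = a + al;
        if (tlv(&a, aend, &oid, &ol) != 0x06) return -1;            /* type: OID */
        if (tlv(&a, aend, &set, &tl) != 0x31 || a != aend) return -1;  /* values: SET */
        if ((out[n].vtag = tlv(&set, set + tl, &val, &vl)) < 0) return -1;
        if (vl >= sizeof out[n].value) return -1;
        memcpy(out[n].value, val, vl);
        out[n].value[vl] = '\0';
        out[n].pda = (ol == 8 && !memcmp(oid, PDA + 2, 7) && oid[7] < 0x80) ? oid[7] : 0;
    }
    return n ? n : -1;                           /* SIZE (1..MAX): empty is invalid */
}
```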
Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?
That attribute is not currently supported. Someone would have to write ASN1 parsing code. There are examples all over the place within OpenSSL; see the various d2i_XXX and i2d_XXX functions. There are macro/define’s available to make the job easier. But, it is not really documented.

Maybe there are other people here who are interested, and could write the code and make a pull request on GitHub. I doubt the team will get to it quickly. Sorry, but I just want to be realistic.

--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz
Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?
Here are now some more details, which may help you to better understand.

My Certificate contains the SubjectDirectoryAttributes-Extension with the following Attributes:

OID : Value
---
(1.3.6.1.5.5.7.9.4) countryOfCitizenship : DE
(1.3.6.1.5.5.7.9.3) gender: F
(1.3.6.1.5.5.7.9.1) dateOfBirth : 1971-10-14 12:00:00 UTC
(1.3.6.1.5.5.7.9.2) placeOfBirth : Darmstadt

So I want to get these pairs of OID and Value.

I found no Struct like SUBJECT_DIRECTORY_ATTRIBUTES in the Source-Code I can use. I got the Extension this way:

    int loc = X509_get_ext_by_NID(certificate, NID_subject_directory_attributes, -1);
    X509_EXTENSION *ex = X509_get_ext(certificate, loc);

But how can I then get all the data, which means all the OIDs and Values to the OIDs? The ASN.1 Structure is:

    SubjectDirectoryAttributes ::= Attributes

    Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute

    Attribute ::= SEQUENCE
    {
        type AttributeType,
        values SET OF AttributeValue
    }

    AttributeType ::= OBJECT IDENTIFIER
    AttributeValue ::= ANY DEFINED BY AttributeType

I found out that I get a custom extension with: X509_EXTENSION_get_object(ex) and that the OpenSSL-Type X509_NAME_ENTRY is the equivalent to the ASN.1-Structure Attribute resp. AttributeTypeAndValue. So I tried to cast the result of X509_EXTENSION_get_data(ex) to a STACK_OF(X509_NAME_ENTRY) and to X509_NAME. But X509_NAME is the same as STACK_OF(X509_NAME_ENTRY).

Then I tried to get the number of attributes by calling the sk_X509_NAME_ENTRY_num() function on the STACK_OF(X509_NAME_ENTRY) resp. X509_NAME.entries, but I did not get the right number. I expect to get the number 3 or 4 (don't know the exact internal counting - but the example cert contains 4 Attributes, so the output should be 3 or 4 depending on whether the counting starts at 0 or 1). But instead of 3 or 4 I got a much larger number like 34335029 and this number is different every time I run the code. So I think there is a problem with the casting or I did not choose the right Data-Type(s).

I'm using OpenSSL 1.0.2j.

So what's wrong and how can I fix it? - Thanks in advance!

Here is a short excerpt of my code:

    X509_EXTENSION *ex =
    STACK_OF(X509_NAME_ENTRY) *st = (STACK_OF(X509_NAME_ENTRY)*) X509_EXTENSION_get_data(ex);
    printf("%d\n", sk_X509_NAME_ENTRY_num(st));

    // or alternative
    X509_NAME *name = (X509_NAME*) X509_EXTENSION_get_data(ex);
    printf("%d\n", sk_X509_NAME_ENTRY_num(name->entries));

Here I append the certificate if you need it. It's from the RFC specification:

From: Matthias Ballreich
Sent: Sunday, 30 April 2017 13:44:48
To: openssl-users@openssl.org
Subject: C++ How to parse Subject Directory Attributes Extension?

Hi there,

can anyone tell me how to parse the Subject Directory Attribute Extension of an X509-Certificate in C++ with OpenSSL? I didn't find any documentation or piece of code in the Github Repo of OpenSSL.

I read the Extension this way:

    int loc = X509_get_ext_by_NID(cert, NID_subject_directory_attributes, -1);
    X509_EXTENSION *ex = X509_get_ext(cert, loc);

But I am stuck on how to continue and get the TypeValue-Stuff. Would be very helpful if someone can help me.

thanks and best regards
Matthias
[openssl-users] C++ How to parse Subject Directory Attributes Extension?
Hi there,

can anyone tell me how to parse the Subject Directory Attribute Extension of an X509-Certificate in C++ with OpenSSL? I didn't find any documentation or piece of code in the Github Repo of OpenSSL.

I read the Extension this way:

    int loc = X509_get_ext_by_NID(cert, NID_subject_directory_attributes, -1);
    X509_EXTENSION *ex = X509_get_ext(cert, loc);

But I am stuck on how to continue and get the TypeValue-Stuff. Would be very helpful if someone can help me.

thanks and best regards
Matthias