Re: ?ASN1 stuff

2005-03-03 Thread Zerg
Hi, all.
Sorry for my English.
Please help me to clarify the use of such ASN1 structures in
RDNSequence and in SubjectDirectoryAttributes.
Why do they have different ASN1 structures, if they play the same role but in
different contexts?

For what reason is there a SET OF? OpenSSL always uses only one SEQ in
every SET.
Why is it used? If the standard omitted it, what effect would this have?

 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
 RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
 AttributeTypeAndValue ::= SEQUENCE {
     type  AttributeType,
     value AttributeValue }

 SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
 Attribute ::= SEQUENCE {
     type   AttributeType,
     values SET OF AttributeValue }

Why is SET OF used exactly in this place instead of its place in the
previous ASN1 structure?
By the way, does OpenSSL support the SubjectDirectoryAttributes
extension? If not, what is the most painless way this can be done?



__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: ?ASN1 stuff

2005-03-03 Thread Dr. Stephen Henson
On Thu, Mar 03, 2005, Zerg wrote:

> Hi, all.
> Sorry for my English.
> Please help me to clarify the use of such ASN1 structures in
> RDNSequence and in SubjectDirectoryAttributes.
> Why do they have different ASN1 structures, if they play the same role but in
> different contexts?
>
> For what reason is there a SET OF? OpenSSL always uses only one SEQ in
> every SET.

OpenSSL does that because that's what the standards require. If it did
anything else certificates wouldn't be compatible with other implementations.

OpenSSL doesn't *always* use only one SET OF member, it just usually does.
There are ways of using more than one; it's just that in practice this is very
rarely used.


 
>  SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
>  Attribute ::= SEQUENCE {
>      type   AttributeType,
>      values SET OF AttributeValue }
>
> Why is SET OF used exactly in this place instead of its place in the
> previous ASN1 structure?
> By the way, does OpenSSL support the SubjectDirectoryAttributes
> extension? If not, what is the most painless way this can be done?
 

You'd have to ask the standards groups why they chose to do things that way.

OpenSSL doesn't directly support that extension but you can add it using the
mini-ASN1 compiler in 0.9.8.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
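
The structural difference asked about above, as an added example that is not part of the thread and is not OpenSSL code: a small DER encoder builds a multi-valued RelativeDistinguishedName and a multi-valued Attribute, and `outline` shows where SET OF sits in each. It assumes short-form lengths (under 128 bytes) and PrintableString values; the sample names and the choice of countryOfCitizenship (OID from RFC 3739) are constructed for illustration.

```python
NAMES = {0x06: "OID", 0x13: "PrintableString", 0x30: "SEQUENCE", 0x31: "SET"}

def tlv(tag: int, content: bytes) -> bytes:
    if len(content) >= 0x80:  # this sketch handles short-form lengths only
        raise ValueError("content too long for short-form length")
    return bytes([tag, len(content)]) + content

def oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]  # lowest base-128 digit carries no continuation bit
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def printable(text: str) -> bytes:
    return tlv(0x13, text.encode("ascii"))
def sequence(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))

def set_of(*items: bytes) -> bytes:
    return tlv(0x31, b"".join(sorted(items)))  # DER: members sorted by encoding

def rdn(*pairs: tuple) -> bytes:
    # RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
    return set_of(*(sequence(oid(t), printable(v)) for t, v in pairs))

def attribute(type_oid: str, *values: str) -> bytes:
    # Attribute ::= SEQUENCE { type, values SET OF AttributeValue }
    return sequence(oid(type_oid), set_of(*(printable(v) for v in values)))

def outline(der: bytes) -> str:
    """Return the nesting of one DER value, e.g. 'SEQUENCE[OID,SET[...]]'."""
    name, body = NAMES[der[0]], der[2:2 + der[1]]
    if not der[0] & 0x20:  # primitive type: no children
        return name
    parts = []
    while body:
        size = 2 + body[1]
        parts.append(outline(body[:size]))
        body = body[size:]
    return f"{name}[{','.join(parts)}]"

# Constructed samples: multi-valued RDN (CN + OU); one attribute type with two values.
MULTI_RDN = rdn(("2.5.4.3", "alice"), ("2.5.4.11", "lab"))
CITIZENSHIP = attribute("1.3.6.1.5.5.7.9.4", "FR", "DE")  # countryOfCitizenship
if __name__ == "__main__":
    print(outline(MULTI_RDN), outline(CITIZENSHIP), sep="\n")
```

In the RDN each SET OF member carries its own type, so one RDN can mix attribute types; in Attribute the SET OF holds several values of a single type. Because DER sorts SET OF members by encoding, the order in which they are supplied does not change the output bytes.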


ASN1 stuff

2005-03-02 Thread Zerg
Hi, all.
Sorry for my English.
Please help me to clarify the use of such ASN1 structures in
RDNSequence and in SubjectDirectoryAttributes.
Why do they have different ASN1 structures, if they play the same role but in
different contexts?

For what reason is there a SET OF? OpenSSL always uses only one SEQ in
every SET.
Why is it used? If the standard omitted it, what effect would this have?

 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
 RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
 AttributeTypeAndValue ::= SEQUENCE {
     type  AttributeType,
     value AttributeValue }

 SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
 Attribute ::= SEQUENCE {
     type   AttributeType,
     values SET OF AttributeValue }

Why is SET OF used exactly in this place instead of its place in the
previous ASN1 structure?
By the way, does OpenSSL support the SubjectDirectoryAttributes
extension? If not, what is the most painless way this can be done?

