Different values when parsing extensions
Hi all.
I add this extension to a CSR with a config file:

authorityInfoAccess = CA Issuers;email:[EMAIL PROTECTED]

parsing my config file and using the X509V3_EXT_REQ_add_conf call,

but when I manually parsed the request with this code

    /* ext is the authorityInfoAccess extension */
    method = X509V3_EXT_get(ext);
    p = ext->value->data;
    if (method->it)
        ext_str = ASN1_item_d2i(NULL, &p, ext->value->length,
                                ASN1_ITEM_ptr(method->it));
    else
        ext_str = method->d2i(NULL, &p, ext->value->length);
    if (method->i2v)
        /* i2v returns NULL on failure, so print only when it succeeded */
        if ((nval = method->i2v(method, ext_str, NULL)) != NULL)
        {
            for (j = 0; j < sk_CONF_VALUE_num(nval); j++)
            {
                valcnf = sk_CONF_VALUE_value(nval, j);
                printf("%s:%s\n", valcnf->name, valcnf->value);
            }
        }

I got the following value of this extension:
"CA Issuers - email:[EMAIL PROTECTED]"

valcnf->name = CA Issuers - email
valcnf->value = [EMAIL PROTECTED]

but I need the value "CA Issuers;email:[EMAIL PROTECTED]"! The value that I have set in the config file.
By the way, when I copy "CA Issuers - email:[EMAIL PROTECTED]" to the config file:

authorityInfoAccess = CA Issuers - email:[EMAIL PROTECTED]

X509V3_EXT_REQ_add_conf comes into obscurity.
The same situation with keyUsage: I write "keyCertSign" to the config, and I get "Certificate Sign". How do I get the same value that I specified in the config file?
Any suggestions?
__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Different values when parsing extensions
On Mon, Dec 13, 2004, Zerg wrote:

> Hi all.
> I add this extension to a CSR with a config file:
> authorityInfoAccess = CA Issuers;email:[EMAIL PROTECTED]
> parsing my config file and
> using the X509V3_EXT_REQ_add_conf call,
>
> but when I manually parsed the request with this code
>
>     /* ext is the authorityInfoAccess extension */
>     method = X509V3_EXT_get(ext);
>     p = ext->value->data;
>     if (method->it)
>         ext_str = ASN1_item_d2i(NULL, &p, ext->value->length,
>                                 ASN1_ITEM_ptr(method->it));
>     else
>         ext_str = method->d2i(NULL, &p, ext->value->length);
>     if (method->i2v)
>         /* i2v returns NULL on failure, so print only when it succeeded */
>         if ((nval = method->i2v(method, ext_str, NULL)) != NULL)
>         {
>             for (j = 0; j < sk_CONF_VALUE_num(nval); j++)
>             {
>                 valcnf = sk_CONF_VALUE_value(nval, j);
>                 printf("%s:%s\n", valcnf->name, valcnf->value);
>             }
>         }
>
> I got the following value of this extension:
> "CA Issuers - email:[EMAIL PROTECTED]"
>
> valcnf->name = CA Issuers - email
> valcnf->value = [EMAIL PROTECTED]
>
> but I need the value "CA Issuers;email:[EMAIL PROTECTED]"! The value that I
> have set in the config file.
> By the way, when I copy "CA Issuers - email:[EMAIL PROTECTED]" to the config
> file:
> authorityInfoAccess = CA Issuers - email:[EMAIL PROTECTED]
> X509V3_EXT_REQ_add_conf comes into obscurity.
> The same situation with keyUsage: I write "keyCertSign" to the config,
> and I get "Certificate Sign". How do I get the same value
> that I specified in the config file?
> Any suggestions?
>

The textual representation is a human readable version of the encoded extension: in general it isn't the same format as used in the config file (which is less readable and restricted in various ways).

What are you trying to do?

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: Different values when parsing extensions
> The textual representation is a human readable version of the encoded
> extension: in general it isn't the same format as used in the config file
> (which is less readable and restricted in various ways).
>
> What are you trying to do?

The whole task is a CA. I have to implement some additional function for PHP that works with openssl.
I have a function that constructs the CSR; one of the arguments is an array of extensions in this format (the format of the config file):

    "keyUsage"=>"cRLSign,keyCertSign",
    "basicConstraints"=>"critical,CA:true",
    "extendedKeyUsage"=>"OCSPSigning,codeSigning",
    "authorityInfoAccess" =>"caIssuers;email:[EMAIL PROTECTED]",
    "certificatePolicies"=>"1.3.6.1.4.1.20781.1.1"

The CSR can be formed by the client and is then transferred to the RA. At this moment there has to be the possibility to change the CSR (if it is incorrect). After changing, the unsigned CSR (we don't know the private key of the client) is resent to the CA.
Changing the CSR requires parsing it first, then forming the new CSR with the mentioned function.
After parsing the CSR I want to get an associative array and then pass this array to the function that constructs the new CSR.
The format of the extensions argument must correspond in these two functions.
How can I achieve this?
Thank you for help.
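An added example, not part of the original thread and not OpenSSL's own code: one way to get a config-file value back is to work from the decoded extension rather than from the display text. The sketch below does this for keyUsage only, reading the DER BIT STRING directly; the function name keyusage_der_to_conf and the sample byte strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* keyUsage names as spelled in an OpenSSL config file, indexed by bit number */
static const char *const ku_names[9] = {
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly"
};

static int append(char *out, size_t outlen, const char *s)
{
    size_t used = strlen(out), sep = used > 0;
    if (used + sep + strlen(s) + 1 > outlen) return -1;
    if (sep) strcat(out, ",");
    strcat(out, s);
    return 0;
}

/* Hypothetical helper: turn the DER value of a keyUsage extension (a BIT
 * STRING) into config-file form. Returns 0 on success, -1 on bad input. */
int keyusage_der_to_conf(const unsigned char *der, size_t len, int critical,
                         char *out, size_t outlen)
{
    size_t nbytes, bit;
    if (outlen == 0 || len < 3 || len > 5 || der[0] != 0x03 || (size_t)der[1] != len - 2)
        return -1;                 /* tag, short length, at most 2 content bytes */
    nbytes = len - 3;
    if (der[2] > 7 || (nbytes == 0 && der[2] != 0)) return -1;
    if (nbytes && (der[len - 1] & ((1u << der[2]) - 1))) return -1; /* padding must be 0 */
    if (nbytes == 2 && (der[4] & 0x7f)) return -1;   /* bits 9..15 are not defined */
    out[0] = '\0';
    if (critical && append(out, outlen, "critical")) return -1;
    for (bit = 0; bit < nbytes * 8 && bit < 9; bit++)   /* bit 0 = MSB of byte 0 */
        if ((der[3 + bit / 8] & (0x80u >> (bit % 8))) && append(out, outlen, ku_names[bit]))
            return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample values (not taken from a real request) */
    const unsigned char ca[] = { 0x03, 0x02, 0x01, 0x06 };
    const unsigned char ee[] = { 0x03, 0x02, 0x05, 0xE0 };
    char buf[160];
    if (keyusage_der_to_conf(ca, sizeof ca, 0, buf, sizeof buf) == 0) puts(buf);
    if (keyusage_der_to_conf(ee, sizeof ee, 1, buf, sizeof buf) == 0) puts(buf);
    return 0;
}
```

The names come back in bit order, so a config value of "cRLSign,keyCertSign" is returned as "keyCertSign,cRLSign"; the set of bits is the same.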
Re: Different values when parsing extensions
> Changing the CSR requires parsing it first, then forming the new CSR with
> the mentioned function.
> After parsing the CSR I want to get an associative array and then pass this
> array to the function that constructs the new CSR.
> The format of the extensions argument must correspond in these two
> functions.
> How can I achieve this?
> Thank you for help.

Writing a little program that uses libcrypto etc. and that outputs the data in the form you need may be an option.

If you like to parse some information in xml like the following, I can give you a hint.

An example of a CSR (without extensions), but the corresponding cert has them.

0
(countryName)2.5.4.6 FR
(organizationName)2.5.4.10 EdelWeb
(organizationalUnitName)2.5.4.11 Service EdelPKI
(commonName)2.5.4.3 Peter SYLVESTER <[EMAIL PROTECTED]>
(rsaEncryption)1.2.840.113549.1.1.1
(sha1WithRSAEncryption)1.2.840.113549.1.1.5

Since this had no extensions, here is an output of the generated cert.
2
10971639765603
(sha1WithRSAEncryption)1.2.840.113549.1.1.5
(countryName)2.5.4.6 FR
(organizationName)2.5.4.10 EdelWeb
(organizationalUnitName)2.5.4.11 Service EdelPKI
(commonName)2.5.4.3 EdelPKI EdelWeb PersGEN
(Oct 7 15:46:44 2004 GMT)041007154644Z
(Dec 16 15:46:44 2006 GMT)061216154644Z
(countryName)2.5.4.6 FR
(organizationName)2.5.4.10 EdelWeb
(organizationalUnitName)2.5.4.11 Service EdelPKI
(commonName)2.5.4.3 Peter SYLVESTER <[EMAIL PROTECTED]>
(rsaEncryption)1.2.840.113549.1.1.1
(X509v3 Subject Alternative Name)2.5.29.17
[EMAIL PROTECTED]
(countryName)2.5.4.6 FR
(organizationName)2.5.4.10 EdelWeb
(commonName)2.5.4.3 Peter SYLVESTER
(X509v3 Key Usage)2.5.29.15 TRUE e0
(X509v3 Extended Key Usage)2.5.29.37
(E-mail Protection)1.3.6.1.5.5.7.3.4
(TLS Web Client Authentication)1.3.6.1.5.5.7.3.2
(X509v3 CRL Distribution Points)2.5.29.31
http://edelpki.edelweb.fr/crl/EdelPKI-EdelWeb-PersGEN.crl
(X509v3 Subject Key Identifier)2.5.29.1