Re: OBJ_create - a little problem.

2006-02-15 Thread Katie Lucas
On Mon, Feb 13, 2006 at 08:03:41PM +0100, Dr. Stephen Henson wrote:
> On Mon, Feb 13, 2006, [EMAIL PROTECTED] wrote:
>
> > Hi everybody!
> >
> > Here is the sample code:
> >
> > int nid;
> > nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
> > X509V3_EXT_add_alias(nid, NID_netscape_comment);
> > add_ext(x, nid, "Test Extension...");
> >
> > It works fine :) But I want to change the first
> > parameter in OBJ_create() and I fail there. As I think,
> > it has to be in some special format, but I can't find
> > any info about it.
>
> It is the standard dotted form of an OBJECT IDENTIFIER.
>
> Roughly speaking a sequence of two or more non-negative integers separated by
> dots.
>
> The first number can be 0, 1 or 2.
>
> The second 0 to 39 unless the first number is 2 in which case it can take any
> value.
>
> Subsequent numbers can take any value, though it is usual to keep them
> relatively small (say 32 bits maximum).
>
> The first few digits are often reserved for certain organizations and they
> can define the meaning of objects within their arc.
>
> You shouldn't therefore just make up a random set of digits especially if it
> is to appear in anything public.

2.25.x is unregulated and therefore you can drop anything down there
without having to apply.

The risk is that your ids will collide with someone else's so you must
be careful parsing extensions.


__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: OBJ_create - a little problem.

2006-02-13 Thread Dr. Stephen Henson
On Mon, Feb 13, 2006, [EMAIL PROTECTED] wrote:

> Hi everybody!
>
> Here is the sample code:
>
> int nid;
> nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
> X509V3_EXT_add_alias(nid, NID_netscape_comment);
> add_ext(x, nid, "Test Extension...");
>
> It works fine :) But I want to change the first
> parameter in OBJ_create() and I fail there. As I think,
> it has to be in some special format, but I can't find
> any info about it.

It is the standard dotted form of an OBJECT IDENTIFIER.

Roughly speaking a sequence of two or more non-negative integers separated by
dots.

The first number can be 0, 1 or 2.

The second 0 to 39 unless the first number is 2 in which case it can take any
value.

Subsequent numbers can take any value, though it is usual to keep them
relatively small (say 32 bits maximum).

The first few digits are often reserved for certain organizations and they can
define the meaning of objects within their arc.

You shouldn't therefore just make up a random set of digits especially if it
is to appear in anything public.

You can apply for your own arc. One place where you can do this is:

http://www.iana.org/cgi-bin/enterprise.pl

The OpenSSL group for example is: 1.3.6.1.4.1.16604

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk