Hello everyone,

As I got no answer from the user mailing list, I am asking it here. Sorry in advance if I am posting this question in the wrong place, but I really need a clue.

I would like to add an extension to an X509v3 certificate.
I wrote:
void Addmyextension(X509* cert, int nid, char* value, bool crit)
{
    X509_EXTENSION* ex = X509_EXTENSION_new();
    ex->object = OBJ_nid2obj(nid);
    crit ? ex->critical = 0xff : ex->critical = -1;    // Question 1
    ASN1_STRING_set(ex->value, value, strlen(value));  // Question 2
    X509_add_ext(cert, ex, -1);
    cout << " A :" << toHex(ex->value->data) << endl;
}

Question 1:
Are 0xff and -1 good values for the critical state? I found these in x509_v3.c line 240...

Question 2:
I don't think this line is good.
When I set the same text as I found in another extension, I don't get the same value in the asn1_string:

STACK_OF (X509_EXTENSION)* sk_ext = cert->cert_info->extensions;
X509_EXTENSION *ex2 =sk_X509_EXTENSION_value(sk_ext, 1);
cout << "B :"<<toHex(ex2->value->data) << endl;

I get:
A :43413A54525545
B :30030101FF

But these values must be the same (value = "CA:TRUE", A is the hexadecimal code of this char*). So I think my Addmyextension is not good. I have a get function to convert the stack of extensions to a map. I think I must create a similar function (which probably uses BIO) to set an extension.

map<int,string> Certificate::getV3ext()
{
  map<int,string> extension;
  ASN1_OBJECT *obj;
  // a bio struct is used to read the X509_EXTENSION in this case (like a stream in C++)
  BIO *bio = BIO_new(BIO_s_mem());
  int i, len, n = X509_get_ext_count( _d_cert );
  char buffer[BUFFER_SIZE];
  X509_EXTENSION *ex;
  for (i=0; i<n; i++)     // for each extension found
  {
      string text = "";
      ex = X509_get_ext( _d_cert,i);         // get the type
      int type = OBJ_obj2nid(ex->object);    // convert it to integer
      cout << "type  " << type  << " " <<  string(OBJ_nid2ln(type)) << endl;
      if (X509_EXTENSION_get_critical(ex))    // if critical
          text = CRITICAL_TEXTE;              // add "critical, " text to the string
      if(!X509V3_EXT_print(bio, ex, 0, 0))    // read the text of this extension
          M_ASN1_OCTET_STRING_print(bio,ex->value);
      // here buffer contains the text, len its length; one byte is kept free for the terminator
      len = BIO_read(bio, buffer, BUFFER_SIZE - 1);
      if (len < 0) len = 0;          // BIO_read returns a negative value when there is nothing to read
      buffer[len] = '\0';            // add the terminating NUL
      text += buffer;                // add the text that was read to the string
      extension.insert(make_pair(type,text));    // put it in the map
  }
  BIO_free(bio);        // clear the bio "stream"
  return extension;     // return the map
}

But I can't find how to use the BIO feature to set an extension.


Thanks in advance,
pierre delcour
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
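
Why dumps A and B in the post differ, as an added example that is not part of the original message or of OpenSSL's code: the value stored in an extension is the DER encoding of that extension's ASN.1 structure (for basicConstraints, a SEQUENCE holding a BOOLEAN), not the configuration text "CA:TRUE". The function names and the one-byte pathLen limit below are assumptions of this example; in OpenSSL, X509V3_EXT_conf_nid() is the call that builds an extension from such a configuration string.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;

Bytes from_hex(const std::string& h) {
    Bytes out;
    for (size_t i = 0; i + 1 < h.size(); i += 2)
        out.push_back(static_cast<uint8_t>(std::stoi(h.substr(i, 2), nullptr, 16)));
    return out;
}

std::string to_hex(const Bytes& b) {
    std::string s;
    char buf[3];
    for (uint8_t c : b) { std::snprintf(buf, sizeof buf, "%02X", c); s += buf; }
    return s;
}

struct BasicConstraints { bool valid; bool ca; int path_len; };  // path_len -1 = absent

// DER for BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE,
//                                         pathLenConstraint INTEGER OPTIONAL }
// Simplification of this example: path_len limited to 0..127 (one-byte INTEGER).
Bytes encode_basic_constraints(bool ca, int path_len = -1) {
    Bytes body;
    if (ca) body.insert(body.end(), {0x01, 0x01, 0xFF});   // DER omits the default FALSE
    if (path_len >= 0 && path_len <= 127)
        body.insert(body.end(), {0x02, 0x01, static_cast<uint8_t>(path_len)});
    Bytes out = {0x30, static_cast<uint8_t>(body.size())};
    out.insert(out.end(), body.begin(), body.end());
    return out;
}

BasicConstraints decode_basic_constraints(const Bytes& d) {
    BasicConstraints bc{false, false, -1};
    if (d.size() < 2 || d[0] != 0x30 || d[1] >= 0x80 || d.size() != 2u + d[1]) return bc;
    size_t i = 2;
    if (i + 3 <= d.size() && d[i] == 0x01 && d[i + 1] == 0x01) {
        if (d[i + 2] != 0xFF) return bc;                    // DER TRUE is exactly 0xFF
        bc.ca = true; i += 3;
    }
    if (i + 3 <= d.size() && d[i] == 0x02 && d[i + 1] == 0x01 && d[i + 2] < 0x80) {
        bc.path_len = d[i + 2]; i += 3;
    }
    bc.valid = (i == d.size());
    return bc;
}

int main() {
    Bytes a = from_hex("43413A54525545"), b = from_hex("30030101FF");  // dumps A and B from the post
    std::printf("A as text: %s, valid DER: %d\n", std::string(a.begin(), a.end()).c_str(), decode_basic_constraints(a).valid);
    std::printf("B: cA=%d; CA:TRUE encodes to %s\n", decode_basic_constraints(b).ca, to_hex(encode_basic_constraints(true)).c_str());
}
```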
