This is a multi-part message in MIME format.
--------------070708040505000302040705
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

With this patch, instead of the subjectAltName getting
"othername:unsupported" it will be something like
"othername:UPN<151242141@mil"

Nice when working with ceritifcates from CAC cards.


--------------070708040505000302040705
Content-Type: text/plain;
name="upn.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="upn.diff"

--- openssl-0.9.8d.orig/crypto/x509v3/v3_alt.c 2005-07-26 16:55:17.000000000 -0400
+++ openssl-0.9.8d/crypto/x509v3/v3_alt.c 2006-10-18 15:32:03.896938824 -0400
@@ -106,7 +106,31 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X
switch (gen->type)
{
case GEN_OTHERNAME:
- X509V3_add_value("othername","", &ret);
+ if (NID_ms_upn == OBJ_obj2nid(gen->d.otherName->type_id))
+ {
+ // i2t_ASN1_OBJECT(oline, 256, gen->d.otherName->type_id);
+ if (gen->d.otherName->value->type == V_ASN1_UTF8STRING)
+ {
+ if (gen->d.otherName->value->value.utf8string->length < 255)
+ {
+ sprintf(&oline[0],"UPN<%s>",gen->d.otherName->value->value.utf8string->data);
+ }
+ else
+ {
+ strcpy(oline,"UPN undisplayable");
+ }
+ //printf("%s <%s>",oline,pFoo->value.utf8string->data);
+ }
+ else
+ {
+ strcpy(&oline[0],"UPN value not UTF8");
+ }
+ }
+ else
+ {
+ strcpy(&oline[0],"");
+ }
+ X509V3_add_value("othername",oline, &ret);
break;

case GEN_X400:
@@ -175,7 +199,21 @@ int GENERAL_NAME_print(BIO *out, GENERAL
switch (gen->type)
{
case GEN_OTHERNAME:
+ if (NID_ms_upn == OBJ_obj2nid(gen->d.otherName->type_id))
+ {
+ if (gen->d.otherName->value->type == V_ASN1_UTF8STRING)
+ {
+ BIO_printf(out,"othername:UPN<%s>",gen->d.otherName->value->value.utf8string->data);
+ }
+ else
+ {
+ BIO_printf(out,"othername:UPN value not UTF8");
+ }
+ }
+ else
+ {
BIO_printf(out, "othername:");
+ }
break;

case GEN_X400:

--------------070708040505000302040705--
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org