This is a discussion on Re: Defining new X.509 Extensions - Openssl ; On Wed, Mar 05, 2008, Carolin Latze wrote: > Ok, > > I finally found out, that doc/openssl.txt has some documentation > regarding this issue. Forget my mail :-) > Well if you want it to behave like a standard ...
On Wed, Mar 05, 2008, Carolin Latze wrote:
> I finally found out, that doc/openssl.txt has some documentation
> regarding this issue. Forget my mail :-)
Well if you want it to behave like a standard OpenSSL extension you need to
add a custom OID and add appropriate code.
You can copy the existing code for a BIT STRING type extension for that, for
example the keyUsage extension.
If you just want to add an extension and are happy to generate/parse it
manually you can use the mini-ASN1 compiler in OpenSSL to add the extension.
This can be done in openssl.cnf without modifying OpenSSL at all.
You should be aware though that other applications (and unmodified OpenSSL)
wont display or process the extension in any human readable way.
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
OpenSSL Project http://www.openssl.org
Development Mailing List firstname.lastname@example.org
Automated List Manager email@example.com