[openssl-users] Example code to add several CRL distribution points

[Dirk Menstermann]

Thanks Dave,

It seems that I do something wrong when filling the STACK_OF(DIST_POINT):

X509_NAME_ENTRY *nameEntry = X509_NAME_ENTRY_new();
X509_NAME_ENTRY_set_data (nameEntry, V_ASN1_IA5STRING /*MBSTRING_ASC*/, (const
unsigned char*) "http://example.com/", 19);
				
STACK_OF (X509_NAME_ENTRY) *nameStack = sk_X509_NAME_ENTRY_new_null();
sk_X509_NAME_ENTRY_push (nameStack, nameEntry);

DIST_POINT *distPoint = DIST_POINT_new();
distPoint->distpoint = DIST_POINT_NAME_new();
distPoint->distpoint->name.relativename = nameStack;
distPoint->distpoint->type = 0;
				
STACK_OF(DIST_POINT) *distPoints = sk_DIST_POINT_new_null();
sk_DIST_POINT_push (distPoints, distPoint);
X509_EXTENSION *ext = X509V3_EXT_i2d (NID_crl_distribution_points, 0, distPoints);
X509_add_ext (cert, ext, -1);
X509_EXTENSION_free (ext);

The extension will be added, but is empty.

Do you see where it breaks?
Dirk

On 22.11.2017 15:04, Dave Coombs wrote:
> You can use X509V3_EXT_i2d(NID_crl_distribution_points, critical, sk) where sk is a STACK_OF(DIST_POINT) that you have previously filled with multiple URIs.