how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Jun 18 19:30:17 UTC 2019
On Tue, Jun 18, 2019 at 07:16:46AM -0700, Lisa Matias wrote:
> If you look here:
>
> https://www.openssl.org/docs/man1.1.0/man3/X509_NAME_ENTRY_get_data.html
>
> It states:
>
> *X509_NAME_ENTRY_get_data() retrieves the field value of ne in
> an ASN1_STRING structure.*

Regardless of the entry type, the underlying value is always stored
as an ASN.1 string.

    struct X509_name_entry_st {
        ASN1_OBJECT *object;        /* AttributeType */
        ASN1_STRING *value;         /* AttributeValue */
        int set;                    /* index of RDNSequence for this entry */
        int size;                   /* temp variable */
    };

The flags you're looking for are associated with the ASN.1 string.
To indicate that it is a bit-string you set:

    value->flags |= ASN1_STRING_FLAG_BITS_LEFT | i

where "i" is the number of unused bits in the final octet.

> Unfortunately this does not work for any non-string X.500 attributes such
> as x500UniqueIdentifier which is defined as an ASN.1 BIT STRING.

Actually, it does.

--
Viktor.
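
Added example, not part of the original message and not OpenSSL's own code: a simplified C model of how the flag described above changes the content octets of an encoded BIT STRING, and why leaving it unset can alter a value that ends in zero bits. struct bitstr, set_unused_bits and encode_bits are hypothetical names; 0x08 is the value of ASN1_STRING_FLAG_BITS_LEFT in <openssl/asn1.h>, and the sample identifier is constructed.

```c
#include <stddef.h>
#include <string.h>

#define BITS_LEFT_FLAG 0x08   /* ASN1_STRING_FLAG_BITS_LEFT; low 3 bits hold the count */

/* Hypothetical stand-in for the ASN1_STRING fields used here. */
struct bitstr { const unsigned char *data; size_t length; long flags; };

/* Record the number of unused bits (0..7), clearing any earlier count first. */
static void set_unused_bits(struct bitstr *s, int unused)
{
    s->flags &= ~(long)(BITS_LEFT_FLAG | 0x07);
    s->flags |= BITS_LEFT_FLAG | (unused & 0x07);
}

/*
 * Write the BIT STRING content octets (unused-bits octet, then data) to out.
 * Returns the number of octets written, or 0 if out is too small.
 */
static size_t encode_bits(const struct bitstr *s, unsigned char *out, size_t cap)
{
    size_t len = s->length;
    int unused = 0;

    if (len > 0 && (s->flags & BITS_LEFT_FLAG)) {
        unused = (int)(s->flags & 0x07);      /* caller's count is kept */
    } else {
        while (len > 0 && s->data[len - 1] == 0)
            len--;                            /* trailing zero octets dropped */
        if (len > 0)
            while (!(s->data[len - 1] & (1u << unused)))
                unused++;                     /* trailing zero bits become padding */
    }
    if (cap < len + 1)
        return 0;
    out[0] = (unsigned char)unused;
    if (len > 0) {
        memcpy(out + 1, s->data, len);
        out[len] &= (unsigned char)(0xff << unused);  /* padding bits are zero */
    }
    return len + 1;
}

int main(void)
{
    static const unsigned char id[2] = { 0xA0, 0x00 };  /* constructed 16-bit value */
    struct bitstr s = { id, sizeof id, 0 };
    unsigned char out[8];
    size_t guessed = encode_bits(&s, out, sizeof out);  /* 2 octets: 05 A0 */
    set_unused_bits(&s, 0);                             /* all 16 bits are significant */
    return !(guessed == 2 && encode_bits(&s, out, sizeof out) == 3);
}
```

With the flag unset the 16-bit value is emitted as an 11-bit string, so a verifier comparing the identifier bit for bit would see a different value.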