<div dir="ltr"><div>If you look here:</div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><a href="https://www.openssl.org/docs/man1.1.0/man3/X509_NAME_ENTRY_get_data.html">https://www.openssl.org/docs/man1.1.0/man3/X509_NAME_ENTRY_get_data.html</a></div></blockquote><div>It states:<br></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><font color="#ff0000"><i><span style="font-family:"PT Serif",Georgia,Times,"Times New Roman",serif;background-color:rgb(248,248,248)">X509_NAME_ENTRY_get_data() retrieves the field value of </span><b style="margin:0px;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:"PT Serif",Georgia,Times,"Times New Roman",serif;vertical-align:baseline;background-color:rgb(248,248,248)">ne</b><span style="font-family:"PT Serif",Georgia,Times,"Times New Roman",serif;background-color:rgb(248,248,248)"> in and </span><b style="margin:0px;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:"PT Serif",Georgia,Times,"Times New Roman",serif;vertical-align:baseline;background-color:rgb(248,248,248)">ASN1_STRING</b><span style="font-family:"PT Serif",Georgia,Times,"Times New Roman",serif;background-color:rgb(248,248,248)"> structure.</span></i></font></div></blockquote><div><br></div>Unfortunately this does not work for any non-string X.500 attributes such as x500UniqueIdentifer which is defined as an ASN.1 BIT STRING.<div><br></div><div>I am only looking to fix in OpenSSL 1.1.1, what was previously working in all older versions of OpenSSL all the way back to 0.9.7 which included a way to support non-string attributes in X509_NAME_ENTRY.</div><div><br></div><div>Thanks.</div><div><br></div><div>Lisa.</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 17 Jun 2019 at 22:37, Viktor Dukhovni <<a href="mailto:openssl-users@dukhovni.org">openssl-users@dukhovni.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Mon, Jun 17, 2019 at 09:19:41PM -0700, Lisa Matias wrote:<br>
<br>
> X509_NAME_ENTRY *nameEntry;<br>
> nameEntry = X509_NAME_ENTRY_create_by_NID (&nameEntry, nid,<br>
> derTagToVType (tag), buffer, bufferLength);<br>
> *nameEntry->value->flags = specifiedFlags;*<br>
<br>
Can you be a bit more explicit about why you need to do this?<br>
What flags do you intend to set and why?<br>
<br>
That said, you can use:<br>
<br>
ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);<br>
<br>
to get the ASN1_STRING holding the value, and since ASN1_STRINGs<br>
are not opaque types, you can just use:<br>
<br>
value->flags = ...<br>
<br>
asuming that's a sensible thing to do. You may however be straying<br>
into undocumented behaviour, and so it might be good to know whether<br>
perhaps there's a better way of getting the result you actually want.<br>
<br>
-- <br>
Viktor.<br>
</blockquote></div>