[openssl-users] Does OpenSSL support the extension 'subject directory attributes'?

Aow Tea aowtea at gmail.com
Fri Dec 9 03:29:16 UTC 2016

Dear everyone,
       I am using PyOpenSSL which is the thin wrapper of OpenSSL to add the
extension 'subject directory attributes' to a certificate by a Python
program. The extension names 'subjectDirAttrs' and
'subjectDirectoryAttributes' have been tried but the error occurs:
"OpenSSL.crypto.Error: [('X509 V3 routines', 'DO_EXT_NCONF', 'unknown
extension name'), ('X509 V3 routines', 'X509V3_EXT_nconf', 'error in

       As PyOpenSSL is the wrapper of OpenSSL, can anyone make it clear
that whether OpenSSL supports the extension 'subject directory attributes'
and what is the proper name in programming if OpenSSL supports it?

       The other question is the error is reported as follows when I add
the extension 'certificate policies' to a certificate by PyOpenSSL.
        "OpenSSL.crypto.Error: [('X509 V3 routines', 'DO_EXT_NCONF', 'no
config database'), ('X509 V3 routines', 'X509V3_EXT_nconf', 'error in
       What is the config database? Does it refer to
/usr/local/ssl/openssl.cnf?  How to use it to add the extension
'certificate policies' to a certificate by PyOpenSSL?
       Many thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20161209/c5075a4c/attachment.html>

More information about the openssl-users mailing list