[openssl-users] x509 extension support

Freemon Johnson freemonj at gmail.com
Fri Jan 6 18:11:44 UTC 2017


Hello,

Can anyone help me in discerning which version of openssl supports
sbgp-autonomousSysNum
and sbgp-ipAddrBlock? If it has been deprecated then providing the
alternative would be greatly appreciated.



A sample openssl.cnf is provided below. When I perform a request for req it
fails because of the objects described above. The version of openssl I am
using when attempting this req generation is version OpenSSL 1.0.2g  1 Mar
2016


[req]default_bits            = 2048default_md              =
sha256distinguished_name      = req_dnprompt                  =
noencrypt_key             = no
[req_dn]CN                      = Testbed RPKI root certificate
[x509v3_extensions]basicConstraints        =
critical,CA:truesubjectKeyIdentifier    = hashkeyUsage
= critical,keyCertSign,cRLSignsubjectInfoAccess       =
@siacertificatePolicies     =
critical,1.3.6.1.5.5.7.14.2sbgp-autonomousSysNum   =
critical, at rfc3779_asnssbgp-ipAddrBlock        =
critical, at rfc3997_addrs
[sia]1.3.6.1.5.5.7.48.5;URI  =
rsync://example.org/rpki/root/1.3.6.1.5.5.7.48.10;URI =
rsync://example.org/rpki/root/root.mft
[rfc3779_asns]AS.0 = 64496-64511AS.1 = 65536-65551
[rfc3997_addrs]IPv4.0 = 192.0.2.0/24IPv4.1 = 198.51.100.0/24IPv4.2 =
203.0.113.0/24 IPv6.0 = 2001:0DB8::/32



Cheers,

Freemon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170106/7c976069/attachment.html>


More information about the openssl-users mailing list