Building a DER sequence
Ken Goldman
kgoldman at us.ibm.com
Mon Jul 1 20:45:36 UTC 2019
On 6/26/2019 11:34 AM, Salz, Rich via openssl-users wrote:
> Do I construct a sequence and add items to it - top down?
>
> No, because then you have to go back and patch the sequence length and perhaps slide everything up or down a copule of bytes.
>
> I would look at an existing simple sequence and start writing your own based on that; look for ASN1_SEQUENCE macros in crypto/x509/x*.c files. Another set of macros will declare the i2d/d2i and PEM functions if needed.
[I'm happy to read if someone can point me to an article, but I haven't
found anything.]
I am stuck on the X509 extensions. I.e., with sample certificates,
dumpasn1 shows:
[snip]
453 448: . . [3] {
457 444: . . . SEQUENCE {
461 74: . . . . SEQUENCE {
463 3: . . . . . OBJECT IDENTIFIER subjectAltName (2 5 29 17)
: . . . . . . (X.509 extension)
[snip]
What's that [3]? Perhaps it means x509v3?
With openssl, it dumps as
X509v3 extensions:
X509v3 Subject Alternative Name: critical
How do I build the x509v3 extensions item (and convert it to an
ASN1_TYPE that I can push on the stack.
That is, I have the sequence using
X509V3_EXT_conf_nid
i2d_X509_EXTENSION
ASN1_STRING_set
but how do I encapsulate that in a [3] and then to an ASN1_TYPE that I
can push on the STACK_OF(ASN1_TYPE) stack?
~~
A separate question:
I can build an X509_EXTENSION using X509V3_EXT_conf_nid. How would I
connect several of them. Would I use STACK_OF(X509_EXTENSION), push
the extensions, and then use i2d_something? What's the 'something'.
More information about the openssl-users
mailing list