how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

Lisa Matias lisa.matias at gmail.com
Tue Jun 18 14:16:46 UTC 2019


If you look here:

https://www.openssl.org/docs/man1.1.0/man3/X509_NAME_ENTRY_get_data.html

It states:

*X509_NAME_ENTRY_get_data() retrieves the field value of ne in
an ASN1_STRING structure.*


Unfortunately this does not work for any non-string X.500 attributes such
as x500UniqueIdentifier which is defined as an ASN.1 BIT STRING.

I am only looking to fix in OpenSSL 1.1.1, what was previously working in
all older versions of OpenSSL all the way back to 0.9.7 which included a
way to support non-string attributes in X509_NAME_ENTRY.

Thanks.

Lisa.



On Mon, 17 Jun 2019 at 22:37, Viktor Dukhovni <openssl-users at dukhovni.org>
wrote:

> On Mon, Jun 17, 2019 at 09:19:41PM -0700, Lisa Matias wrote:
>
> > X509_NAME_ENTRY *nameEntry = NULL;
> > nameEntry = X509_NAME_ENTRY_create_by_NID (&nameEntry, nid,
> >                         derTagToVType (tag), buffer, bufferLength);
> > *nameEntry->value->flags = specifiedFlags;*
>
> Can you be a bit more explicit about why you need to do this?
> What flags do you intend to set and why?
>
> That said, you can use:
>
>     ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
>
> to get the ASN1_STRING holding the value, and since ASN1_STRINGs
> are not opaque types, you can just use:
>
>         value->flags = ...
>
> assuming that's a sensible thing to do.  You may however be straying
> into undocumented behaviour, and so it might be good to know whether
> perhaps there's a better way of getting the result you actually want.
>
> --
>         Viktor.
>
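
What the flags field changes for a BIT STRING value such as x500UniqueIdentifier, as an added example (not code from this thread or from OpenSSL): a stand-alone model of how the unused-bits octet is chosen, either from `ASN1_STRING_FLAG_BITS_LEFT` plus the low three bits of `flags` or by guessing from trailing zeros. It assumes the flags in question are these BIT STRING flags; `struct bitstr`, `set_unused_bits` and `encode_bits` are hypothetical names, and only the 0x08 constant mirrors OpenSSL.

```c
#include <stdio.h>
#include <string.h>
/* Stand-in for the public ASN1_STRING fields used here (hypothetical type). */
struct bitstr { int length; unsigned char *data; long flags; };
#define FLAG_BITS_LEFT 0x08 /* value of OpenSSL's ASN1_STRING_FLAG_BITS_LEFT */

/* Record an explicit unused-bit count (0..7) in flags: the adjustment made
 * through value->flags on the string from X509_NAME_ENTRY_get_data(). */
static int set_unused_bits(struct bitstr *s, int unused)
{
    if (unused < 0 || unused > 7 || (s->length == 0 && unused != 0))
        return 0;
    s->flags &= ~(long)(FLAG_BITS_LEFT | 0x07);
    s->flags |= FLAG_BITS_LEFT | unused;
    return 1;
}

/* Write the BIT STRING content octets (unused-bits octet, then data).
 * Returns the number of octets written, or -1 if out is too small. */
static int encode_bits(const struct bitstr *s, unsigned char *out, size_t cap)
{
    int len = s->length, bits = 0;
    if (s->flags & FLAG_BITS_LEFT) {
        bits = (int)(s->flags & 0x07);   /* caller's count is authoritative */
    } else {
        while (len > 0 && s->data[len - 1] == 0)
            len--;                        /* trailing zero octets are dropped */
        while (len > 0 && !((s->data[len - 1] >> bits) & 1))
            bits++;                       /* trailing zero bits are counted */
    }
    if (cap < (size_t)len + 1)
        return -1;
    out[0] = (unsigned char)bits;
    if (len > 0) {
        memcpy(out + 1, s->data, (size_t)len);
        out[len] &= (unsigned char)(0xff << bits);  /* clear unused bits */
    }
    return len + 1;
}

int main(void)
{
    unsigned char raw[] = {0xA5, 0x00}, out[4];  /* constructed sample value */
    struct bitstr s = {2, raw, 0};
    int guessed = encode_bits(&s, out, sizeof out);
    set_unused_bits(&s, 4);
    printf("guessed %d octets, flagged %d octets\n", guessed, encode_bits(&s, out, sizeof out));
    return 0;
}
```

For the constructed value A5 00, the guessed form is `00 A5` while an explicit count of 4 gives `04 A5 00`, so the encoded name differs depending on whether the flags are set.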