How I can add extension with sequence value to CSR using openssl library?

work vlpl thework.vlpl at gmail.com
Tue Mar 19 07:26:44 UTC 2019


I know how to add simple extension (oid + str), for example

```
nid = OBJ_create("1.2.3.4", "shortname", "long name");
ASN1_OCTET_STRING_set(os, "ext value", 9);
ex = X509_EXTENSION_create_by_NID( NULL, nid, 0, os );
sk_X509_EXTENSION_push(exts, ex);
```

I want to learn how I can add extension with the next specification

The specific identity objects shall be contained in the attribute's
SET. Any identity object included in the resulting CSR shall be added
as a PKCS#9 Extension Request

- macAddress (OID 1.3.6.1.1.1.1.22), encoded as an IA5STRING type
- imei (OID 1.3.6.1.4.1.40808.1.1.3), encoded as an IA5STRING type
- meid (OID 1.3.6.1.4.1.40808.1.1.4), encoded as a BITSTRING type
- DevId (OID 1.3.6.1.4.1.40808.1.1.5), encoded as a PRINTABLESTRING type


I assume Extension Request extension has oid = 1.2.840.113549.1.9.14

And this is probably openssl config for extension

```
asn1 = SEQUENCE:attrs

[attrs]
attr1 = SEQUENCE:extreq

[extreq]
oid = OID:extensionRequest
vals = SET:extreqvals

[extreqvals]

oid1 = OID:macAddress
oid2 = OID:imei
oid3 = OID:meid
oid4 = OID:DevId
```

How I can do it in C?


More information about the openssl-users mailing list