How I can add extension with sequence value to CSR using openssl library?

work vlpl thework.vlpl at
Tue Mar 19 07:26:44 UTC 2019

I know how to add simple extension (oid + str), for example

nid = OBJ_create("", "shortname", "long name");
ASN1_OCTET_STRING_set(os, "ext value", 9);
ex = X509_EXTENSION_create_by_NID( NULL, nid, 0, os );
sk_X509_EXTENSION_push(exts, ex);

I want to learn how I can add extension with the next specification

The specific identity objects shall be contained in the attribute's
SET. Any identity object included in the resulting CSR shall be added
as a PKCS#9 Extension Request

- macAddress (OID, encoded as an IA5STRING type
- imei (OID, encoded as an IA5STRING type
- meid (OID, encoded as a BITSTRING type
- DevId (OID, encoded as a PRINTABLESTRING type

I assume Extension Request extension has oid = 1.2.840.113549.1.9.14

And this is probably openssl config for extension

asn1 = SEQUENCE:attrs

attr1 = SEQUENCE:extreq

oid = OID:extensionRequest
vals = SET:extreqvals


oid1 = OID:macAddress
oid2 = OID:imei
oid3 = OID:meid
oid4 = OID:DevId

How I can do it in C?

More information about the openssl-users mailing list