[kmf-discuss] OIDs and Extensions
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Tue May 22 11:31:49 PDT 2007
Massimiliano Pala wrote:
>
>> Second problem is how to encode a generic extension. Probably I am missing
>> something but I can not find any function that would let me generate my
>> own extension to be added to a certificate or to a request.
>
> I probably have to explain it better. In my project I have two different
> configuration files, one for the OIDs and another for the certificate/request
> profile. In the first I have all the "non-standard" OIDs - this helps in
> updating the code without having to update the crypto libraries. The second
> file has a "profile" which basically has configuration for the certificate.
> What I would be able to do in KMF is, given the following description for
> an extension:
>
> <pki:extension name="OpenCA" critical="yes">
> <pki:value type="ASN1:UTF8String">TEST VALUE</pki:value>
> <pki:value type="DER">01:02:03:04:AA:F8</pki:value>
> </pki:extension>
>
> (the extension's OID for "OpenCA" is taken from the OIDs config file).
>
> My question is if there is documentation on how to use the:
>
> KMF_SetCertExtension ()
>
> and how to correctly build the KMF_X509_EXTENSION record. Are there any
> examples about this?
Try this:
...
KMF_X509_EXTENSION newextn;
/* Must be an array of unsigned bytes: 0xAA and 0xF8 do not fit a signed char */
unsigned char openca_extn[] = { 0x01, 0x02, 0x03, 0x04, 0xAA, 0xF8 };
KMF_OID oid; /* initialize oid with your custom OID value */
(void) memset(&newextn, 0, sizeof (newextn));
newextn.critical = 1;
newextn.extnId = oid;
/* The value is supplied already encoded and is used as given */
newextn.format = KMF_X509_DATAFORMAT_ENCODED;
newextn.BERvalue.Data = openca_extn;
newextn.BERvalue.Length = sizeof (openca_extn);
rv = KMF_SetCertExtension(Cert, &newextn);
...
-Wyllys