AtaSmrk

Reputation: 165

SubjectAltName otherName with binary value

I am trying to embed binary data into the otherName field using the X509V3_EXT_conf_nid function. I am having problems with specifying the proper ASN1 type.

When giving otherName:0.4.0.127.0.7;OCT:AABB the result is 41 41 42 42, which is, I guess, the default ASCII formatting mentioned here. If I want OpenSSL to interpret the AABB as a binary value, I should use the HEX option. But no matter what I do, nothing works.

Using the all present FORMAT:HEX,OCT:AABB gives me error:220A4093:X509 V3 routines: a2i_GENERAL_NAME: othername error.

Using trial and error and using something like HEX,OCT:AABB or OCT,HEX:AABB gets me nowhere with "unknown tag" and "unsupported option" errors.

So what should I do to convince OpenSSL to accept the supplied data?

Maybe it is worth mentioning that I am calling the OpenSSL functions through the ManagedOpenSSL wrapper.

Upvotes: 2

Views: 1329

Answers (1)

AtaSmrk

Reputation: 165

So after getting a tumbleweed achievement, putting this thing on hold for a month and then returning back to it, I think I cracked it.

I used the arbitrary extension. Sure, I have to know how to construct the DER format for the appropriate ASN1 structure, but that is not so hard.

If anyone can see some flaw with this approach, please let me know.

Upvotes: 5
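
The DER approach described in the answer above, as an added example that is not part of the original post: it builds the SubjectAltName bytes for otherName 0.4.0.127.0.7 carrying the OCTET STRING AABB and formats them as an OpenSSL DER: extension value. The function names are chosen for this example; the tag layout follows the GeneralName and OtherName definitions in RFC 5280.

```python
# Added example: DER-encode a SubjectAltName holding one otherName whose
# value is a raw OCTET STRING, for use with OpenSSL's "DER:" extension syntax.

def der_len(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    """Tag, length, value for a single-byte tag."""
    return bytes([tag]) + der_len(len(content)) + content

def base128(arc: int) -> bytes:
    """One OID arc in base 128, continuation bit set on all but the last byte."""
    out = [arc & 0x7F]
    arc >>= 7
    while arc:
        out.append(0x80 | (arc & 0x7F))
        arc >>= 7
    return bytes(reversed(out))

def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    body = base128(arcs[0] * 40 + arcs[1]) + b"".join(base128(a) for a in arcs[2:])
    return tlv(0x06, body)

def san_othername_octets(oid: str, value: bytes) -> bytes:
    """GeneralNames ::= SEQUENCE OF GeneralName, here with a single otherName."""
    inner = tlv(0x04, value)                    # OCTET STRING holding the raw bytes
    other = encode_oid(oid) + tlv(0xA0, inner)  # type-id, then value [0] EXPLICIT
    return tlv(0x30, tlv(0xA0, other))          # otherName is [0] IMPLICIT SEQUENCE

def openssl_der_value(der: bytes) -> str:
    """Format bytes the way OpenSSL's arbitrary-extension syntax expects."""
    return "DER:" + ":".join(f"{b:02X}" for b in der)

if __name__ == "__main__":
    der = san_othername_octets("0.4.0.127.0.7", bytes.fromhex("AABB"))
    print("subjectAltName=" + openssl_der_value(der))
```

For the values in the question this yields DER:30:0F:A0:0D:06:05:04:00:7F:00:07:A0:04:04:02:AA:BB, which can be checked with an ASN.1 dump of the issued certificate.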
