ASN1_OBJECT myth in X509_NAME_add_entry_xxx

ASN1_OBJECT myth in X509_NAME_add_entry_xxx

Lincoln-9
Hi,
  Would any guru please take a look at this following
question? Thanks!
Dr. Lincoln

X509_NAME_add_entry_by_NID() adds an ASN1_NAME_ENTRY
which contains a pointer to ASN1_OBJECT, among other
things.

Does any expert know why the ASN1_OBJECT referenced in
ASN1_NAME_ENTRY has NULL for sn, ln, nid?

 The calling sequence is
X509_NAME_add_entry_by_NID
=> lookup ASN1_OBJECT, X509_NAME_ENTRY_create_by_OBJ
=> X509_NAME_ENTRY_set_object +
X509_NAME_ENTRY_set_data

Where X509_NAME_ENTRY_set_object calls
ne->object = OBJ_dup(obj).

I see ASN1_OBJECT being duplicated above.

Looking at the ASN1_dup() does not reveal those NULL
assignments...

I'd appreciate your help if you can enlighten me on
this myth...

Test code is shown below
-----------------------------

/* Reads ASN1_OBJECT and X509_NAME fields directly, so it only builds against
 * OpenSSL versions that expose those structs (before 1.1.0). */
#include <stdio.h>
#include <openssl/asn1.h>
#include <openssl/objects.h>
#include <openssl/x509.h>

int main(){
        char buf[1024], *field, *value;
        X509_NAME *name = NULL;
        int i, n, j;
        X509_NAME_ENTRY *ne = NULL;
        ASN1_OBJECT *obj = NULL;
        ASN1_STRING *astr = NULL;

        /* it prints
         * sn=O; ln=organizationName; nid=17 ;legth=3; flags=0
         * 55,04,0a ==> which is ASN1 encoding of 2.5.4.10 for "O"
         */
        obj = OBJ_txt2obj("O", 0);
        printf("sn=%s; ln=%s; nid=%d ;legth=%d; flags=%d\n",
               obj->sn, obj->ln, obj->nid, obj->length, obj->flags);

        for (j=0; j<obj->length; j++){
                printf("%02x,", obj->data[j]);
        }

        name = X509_NAME_new();
        field = "O";
        value = "VeriSign Japan K.K.";

        /* 17 is the nid printed above for "O" */
        if (!X509_NAME_add_entry_by_NID(name, 17, MBSTRING_ASC,
                                        (unsigned char *)value, -1, -1, 0)){
                printf("adding entry %s error\n", field);
        }

        /*
         * I would expect the ASN1_OBJECT prints out the same stuff
         * However, it prints
         * entry#0:
         * sn=(null); ln=(null); nid=0 ;legth=3; obj_data=U; flags=9
         * 55,04,0a,  ==> which is ASN1 encoding of 2.5.4.10 for "O"
         */

        n = sk_X509_NAME_ENTRY_num(name->entries);
        for (i=0; i<n; i++){
                printf("entry#%d:\n", i);
                ne = sk_X509_NAME_ENTRY_value(name->entries, i);
                obj = ne->object;

                printf("sn=%s; ln=%s; nid=%d ;legth=%d; obj_data=%s; flags=%d\n",
                       obj->sn, obj->ln, obj->nid, obj->length,
                       obj->data, obj->flags);

                for (j=0; j<obj->length; j++){
                        printf("%02x,", obj->data[j]);
                }
        }

        return 0;
}



               
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: ASN1_OBJECT myth in X509_NAME_add_entry_xxx

Dr. Stephen Henson
On Tue, Aug 30, 2005, Lincoln wrote:

> Hi,
>   Would any guru please take a look at this following
> question? Thanks!

Don't try to access the ASN1_OBJECT structures directly. Use functions such as
OBJ_obj2nid() etc instead.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
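
The advice above works on the duplicated object because the encoded bytes (the 55,04,0a printed by the test code) are enough to identify it, even with sn, ln and nid empty. The following is an added example, not code from this thread or from OpenSSL: a simplified model in which struct oid_entry, lookup_by_data() and oid_to_text() are hypothetical names and the table is constructed (the "O" row uses the values printed in the thread).

```c
#include <stdio.h>
#include <string.h>
struct oid_entry { int nid; const char *sn, *ln; size_t len; unsigned char data[3]; };
/* Constructed table (assumption); the "O" row matches the thread's output. */
static const struct oid_entry table[] = {
    {13, "CN", "commonName",       3, {0x55, 0x04, 0x03}},
    {17, "O",  "organizationName", 3, {0x55, 0x04, 0x0a}},
};

/* Identify an object from encoded length and bytes alone; sn/ln/nid unused. */
const struct oid_entry *lookup_by_data(const unsigned char *d, size_t len)
{
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].len == len && memcmp(table[i].data, d, len) == 0)
            return &table[i];
    return NULL;
}

/* Decode OID content bytes to dotted text. Returns 0, or -1 if malformed. */
int oid_to_text(const unsigned char *d, size_t len, char *out, size_t outsz)
{
    unsigned long arc = 0;
    size_t used = 0;
    if (len == 0 || (d[len - 1] & 0x80)) return -1;  /* empty or truncated */
    for (size_t i = 0; i < len; i++) {
        if ((arc == 0 && d[i] == 0x80) || arc > (~0UL >> 7))
            return -1;                      /* padded arc, or overflow */
        arc = (arc << 7) | (d[i] & 0x7f);
        if (d[i] & 0x80) continue;          /* arc continues in next byte */
        unsigned long a = arc < 80 ? arc / 40 : 2;  /* first byte packs two arcs */
        int n = used ? snprintf(out + used, outsz - used, ".%lu", arc)
                     : snprintf(out, outsz, "%lu.%lu", a, arc - a * 40);
        if (n < 0 || (size_t)n >= outsz - used)
            return -1;                      /* output buffer too small */
        used += (size_t)n;
        arc = 0;
    }
    return 0;
}

int main(void)
{
    const unsigned char o[] = {0x55, 0x04, 0x0a};   /* bytes from the thread */
    char txt[32];
    const struct oid_entry *e = lookup_by_data(o, sizeof o);
    if (e && oid_to_text(o, sizeof o, txt, sizeof txt) == 0)
        printf("%s sn=%s ln=%s nid=%d\n", txt, e->sn, e->ln, e->nid);
    return 0;
}
```
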

Re: ASN1_OBJECT myth in X509_NAME_add_entry_xxx

Lincoln-9

Thanks, Dr. Henson.

  I know those functions work because they perform
search against those "standard" objects based on
length and data fields, i.e., they don't care about sn
or ln.

  I guess I am trying to find out why, during the
creation of X509_NAME_ENTRY, when ASN1_OBJECT is
attached, the sn, ln and nid are NOT assigned values.

  I can see that, theoretically, it is because it avoids
duplicating those redundant entries.
I am just curious where the missing links lie. If you
can point them out to me, I'd appreciate it, since I've been
sifting through the code but couldn't identify it by
myself.


--- "Dr. Stephen Henson" <[hidden email]> wrote:

> On Tue, Aug 30, 2005, Lincoln wrote:
>
> > Hi,
> >   Would any guru please take a look at this following
> > question? Thanks!
>
> Don't try to access the ASN1_OBJECT structures directly. Use functions such as
> OBJ_obj2nid() etc instead.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk