Displaying subjectAtlName othername content

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Displaying subjectAtlName othername content

Robert Moskowitz
I am now working on using the othername option.  I see it go in, but I
can't display it.  All I get is:

             X509v3 Subject Alternative Name:
                 othername:<unsupported>

I seem to recall encountering some way to display this in a google
search, but I have not found that search yet in my history.

Is there anyway to display the basic ASN.1 structure here so I can see
what was stored in the cert?

thanks

Bob

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Displaying subjectAtlName othername content

OpenSSL - User mailing list
➢ Is there anyway to display the basic ASN.1 structure here so I can see
    what was stored in the cert?
   
openssl asn1parse


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Displaying subjectAtlName othername content

Robert Moskowitz


On 08/14/2017 02:04 PM, Salz, Rich via openssl-users wrote:
> ➢ Is there anyway to display the basic ASN.1 structure here so I can see
>      what was stored in the cert?
>      
> openssl asn1parse

Humpf.  I looked at that a few times and did not see the obvious. Sigh.

So some progress.  using -i and got:

   573:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Subject
Alternative Name
   578:d=5  hl=2 l=  29 prim:      OCTET STRING      [HEX
DUMP]:301BA01906082B06010505070804A00D300B06032A0304040401020304

Added -strparse 578 and got:

     0:d=0  hl=2 l=  27 cons: SEQUENCE
     2:d=1  hl=2 l=  25 cons:  cont [ 0 ]
     4:d=2  hl=2 l=   8 prim:   OBJECT            :1.3.6.1.5.5.7.8.4
    14:d=2  hl=2 l=  13 cons:   cont [ 0 ]
    16:d=3  hl=2 l=  11 cons:    SEQUENCE
    18:d=4  hl=2 l=   3 prim:     OBJECT            :1.2.3.4
    23:d=4  hl=2 l=   4 prim:     OCTET STRING      [HEX DUMP]:01020304

Since I don't know that SubjectAltName content will always start at 578,
I have to do the asn1parse in two steps.

It is a start...

Again, Thanks

Bob

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Displaying subjectAtlName othername content

Jakob Bohm-7
On 14/08/2017 20:55, Robert Moskowitz wrote:

>
>
> On 08/14/2017 02:04 PM, Salz, Rich via openssl-users wrote:
>> ➢ Is there anyway to display the basic ASN.1 structure here so I can see
>>      what was stored in the cert?
>>      openssl asn1parse
>
> Humpf.  I looked at that a few times and did not see the obvious. Sigh.
>
> So some progress.  using -i and got:
>
>   573:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Subject
> Alternative Name
>   578:d=5  hl=2 l=  29 prim:      OCTET STRING      [HEX
> DUMP]:301BA01906082B06010505070804A00D300B06032A0304040401020304
>
> Added -strparse 578 and got:
>
>     0:d=0  hl=2 l=  27 cons: SEQUENCE
>     2:d=1  hl=2 l=  25 cons:  cont [ 0 ]
>     4:d=2  hl=2 l=   8 prim:   OBJECT :1.3.6.1.5.5.7.8.4
>    14:d=2  hl=2 l=  13 cons:   cont [ 0 ]
>    16:d=3  hl=2 l=  11 cons:    SEQUENCE
>    18:d=4  hl=2 l=   3 prim:     OBJECT            :1.2.3.4
>    23:d=4  hl=2 l=   4 prim:     OCTET STRING      [HEX DUMP]:01020304
>
> Since I don't know that SubjectAltName content will always start at
> 578, I have to do the asn1parse in two steps.
>
> It is a start...
Try using dumpasn1.c by Peter Gutmann instead, it has nicer output and
automatically descends into these structures.  However it requires that
you convert from Base64 to binary before calling it.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Displaying subjectAtlName othername content

Robert Moskowitz


On 08/14/2017 03:28 PM, Jakob Bohm wrote:

> On 14/08/2017 20:55, Robert Moskowitz wrote:
>>
>>
>> On 08/14/2017 02:04 PM, Salz, Rich via openssl-users wrote:
>>> ➢ Is there anyway to display the basic ASN.1 structure here so I can
>>> see
>>>      what was stored in the cert?
>>>      openssl asn1parse
>>
>> Humpf.  I looked at that a few times and did not see the obvious. Sigh.
>>
>> So some progress.  using -i and got:
>>
>>   573:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Subject
>> Alternative Name
>>   578:d=5  hl=2 l=  29 prim:      OCTET STRING      [HEX
>> DUMP]:301BA01906082B06010505070804A00D300B06032A0304040401020304
>>
>> Added -strparse 578 and got:
>>
>>     0:d=0  hl=2 l=  27 cons: SEQUENCE
>>     2:d=1  hl=2 l=  25 cons:  cont [ 0 ]
>>     4:d=2  hl=2 l=   8 prim:   OBJECT :1.3.6.1.5.5.7.8.4
>>    14:d=2  hl=2 l=  13 cons:   cont [ 0 ]
>>    16:d=3  hl=2 l=  11 cons:    SEQUENCE
>>    18:d=4  hl=2 l=   3 prim:     OBJECT            :1.2.3.4
>>    23:d=4  hl=2 l=   4 prim:     OCTET STRING      [HEX DUMP]:01020304
>>
>> Since I don't know that SubjectAltName content will always start at
>> 578, I have to do the asn1parse in two steps.
>>
>> It is a start...
> Try using dumpasn1.c by Peter Gutmann instead, it has nicer output and
> automatically descends into these structures.  However it requires that
> you convert from Base64 to binary before calling it.


And build your own version of openssl!  I am too far behind on this and
other work to invest more time building my own modules.  Sigh.

Thanks, though.  Perhaps get to it later.

Bob

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Displaying subjectAtlName othername content

Jakob Bohm-7
On 14/08/2017 21:38, Robert Moskowitz wrote:

>
>
> On 08/14/2017 03:28 PM, Jakob Bohm wrote:
>> On 14/08/2017 20:55, Robert Moskowitz wrote:
>>>
>>>
>>> On 08/14/2017 02:04 PM, Salz, Rich via openssl-users wrote:
>>>> ➢ Is there anyway to display the basic ASN.1 structure here so I can
>>>> see
>>>>      what was stored in the cert?
>>>>      openssl asn1parse
>>>
>>> Humpf.  I looked at that a few times and did not see the obvious. Sigh.
>>>
>>> So some progress.  using -i and got:
>>>
>>>   573:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Subject
>>> Alternative Name
>>>   578:d=5  hl=2 l=  29 prim:      OCTET STRING      [HEX
>>> DUMP]:301BA01906082B06010505070804A00D300B06032A0304040401020304
>>>
>>> Added -strparse 578 and got:
>>>
>>>     0:d=0  hl=2 l=  27 cons: SEQUENCE
>>>     2:d=1  hl=2 l=  25 cons:  cont [ 0 ]
>>>     4:d=2  hl=2 l=   8 prim:   OBJECT :1.3.6.1.5.5.7.8.4
>>>    14:d=2  hl=2 l=  13 cons:   cont [ 0 ]
>>>    16:d=3  hl=2 l=  11 cons:    SEQUENCE
>>>    18:d=4  hl=2 l=   3 prim:     OBJECT            :1.2.3.4
>>>    23:d=4  hl=2 l=   4 prim:     OCTET STRING      [HEX DUMP]:01020304
>>>
>>> Since I don't know that SubjectAltName content will always start at
>>> 578, I have to do the asn1parse in two steps.
>>>
>>> It is a start...
>> Try using dumpasn1.c by Peter Gutmann instead, it has nicer output and
>> automatically descends into these structures.  However it requires that
>> you convert from Base64 to binary before calling it.
>
>
> And build your own version of openssl!  I am too far behind on this and
> other work to invest more time building my own modules.  Sigh.
>
> Thanks, though.  Perhaps get to it later.
>

dumpasn1.c is a useful ready-to-use tool that just needs a trivial
compile from a single file to a program for your computer type.  It has
saved me a lot of time over the years.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users