OBJ_create - a little problem.


OBJ_create - a little problem.

dsf-2
Hi everybody!

Here is the sample code:

   int nid;
   nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
   X509V3_EXT_add_alias(nid, NID_netscape_comment);
   add_ext(x, nid, "Test Extension...");

It works fine :) But I want to change the first
parameter in OBJ_create() and I fail there. I think
it has to be in some special format, but I can't find
any info about it.

Thanks a lot!

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: OBJ_create - a little problem.

Dr. Stephen Henson
On Mon, Feb 13, 2006, [hidden email] wrote:

> Hi everybody!
>
> Here is the sample code:
>
>    int nid;
>    nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
>    X509V3_EXT_add_alias(nid, NID_netscape_comment);
>    add_ext(x, nid, "Test Extension...");
>
> It works fine :) But I want to change the first
> parameter in OBJ_create() and I fail there. I think
> it has to be in some special format, but I can't find
> any info about it.
>

It is the standard dotted form of an OBJECT IDENTIFIER.

Roughly speaking a sequence of two or more non-negative integers separated by
dots.

The first number can be 0, 1 or 2.

The second 0 to 39 unless the first number is 2 in which case it can take any
value.

Subsequent numbers can take any value, though it is usual to keep them
relatively small (say 32 bits maximum).

The first few digits are often reserved for certain organizations and they can
define the meaning of objects within their "arc".

You shouldn't therefore just make up a random set of digits especially if it
is to appear in anything public.

You can apply for your own arc. One place where you can do this is:

http://www.iana.org/cgi-bin/enterprise.pl

The OpenSSL group for example is: 1.3.6.1.4.1.16604

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
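
The limits listed in the reply above (first number 0 to 2, second number at most 39 unless the first is 2) come from the DER encoding, which packs the first two numbers into one value, 40 × first + second. The following stand-alone C validator and encoder is an added example, not code from this thread or from OpenSSL; the names `oid_encode` and `put_arc` and the hard 32-bit limit per number are choices made for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Append one value as base-128 digits; every octet but the last has bit 8 set.
 * Returns the new write position, or 0 if the buffer is too small. */
static size_t put_arc(uint64_t v, unsigned char *out, size_t pos, size_t cap)
{
    unsigned char tmp[10];
    size_t n = 0;
    do { tmp[n++] = (unsigned char)(v & 0x7f); v >>= 7; } while (v);
    if (pos + n > cap) return 0;
    while (n--) out[pos++] = (unsigned char)(tmp[n] | (n ? 0x80 : 0));
    return pos;
}

/* Validate a dotted OID string and write its DER content octets (no tag or
 * length) to out. Returns the number of octets, or -1 if the string is not
 * a valid dotted OID or does not fit in cap bytes. */
int oid_encode(const char *s, unsigned char *out, size_t cap)
{
    uint64_t first = 0, v;
    size_t pos = 0;
    int i;

    for (i = 0;; i++) {
        char *end;
        if (!isdigit((unsigned char)*s)) return -1;   /* "", "1..2", "-1", "1." */
        v = strtoull(s, &end, 10);
        if (end - s > 10 || v > UINT32_MAX) return -1; /* example policy: 32 bits */
        s = end;
        if (i == 0) {
            if (v > 2) return -1;                      /* first number: 0, 1 or 2 */
            first = v;
        } else {
            if (i == 1) {
                if (first < 2 && v > 39) return -1;    /* second: 0..39 unless first is 2 */
                v += first * 40;                       /* first two numbers share one value */
            }
            pos = put_arc(v, out, pos, cap);
            if (!pos) return -1;
        }
        if (*s == '\0') break;
        if (*s++ != '.') return -1;                    /* only dots may separate numbers */
    }
    return i >= 1 ? (int)pos : -1;                     /* at least two numbers required */
}
```

With this encoding, "1.40.1" would be indistinguishable from "2.0.1" (both give 80 for the first value), which is why the second number is only unrestricted under 2.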

Re: OBJ_create - a little problem.

Katie Lucas
On Mon, Feb 13, 2006 at 08:03:41PM +0100, Dr. Stephen Henson wrote:

> On Mon, Feb 13, 2006, [hidden email] wrote:
>
> > Hi everybody!
> >
> > Here is the sample code:
> >
> >    int nid;
> >    nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
> >    X509V3_EXT_add_alias(nid, NID_netscape_comment);
> >    add_ext(x, nid, "Test Extension...");
> >
> > It works fine :) But I want to change the first
> > parameter in OBJ_create() and I fail there. I think
> > it has to be in some special format, but I can't find
> > any info about it.
> >
>
> It is the standard dotted form of an OBJECT IDENTIFIER.
>
> Roughly speaking a sequence of two or more non-negative integers separated by
> dots.
>
> The first number can be 0, 1 or 2.
>
> The second 0 to 39 unless the first number is 2 in which case it can take any
> value.
>
> Subsequent numbers can take any value, though it is usual to keep them
> relatively small (say 32 bits maximum).
>
> The first few digits are often reserved for certain organizations and they can
> define the meaning of objects within their "arc".
>
> You shouldn't therefore just make up a random set of digits especially if it
> is to appear in anything public.

2.25.x is unregulated and therefore you can drop anything down there
without having to apply.

The risk is that your ids will collide with someone else's so you must
be careful parsing extensions.



Memory grows

Samy Thiyagarajan

Hi all,

I have a TLS enabled client and server. Both are working fine as far as the communication is concerned. For testing I loop my client, such that it establishes a connection, sends and receives some sample data and releases the connection.

I just noticed that the memory at the client side keeps increasing with every loop! (approx. 6kb per connection). Server side is fine. I guess there might be some logical error in my function calls. The following is the general structure of my function calls.


initialize the context

for ( loop )
{
     establish TCP connection
     SSL connection
     data exchange

    SSL_shutdown(ssl);
    BIO_free
    SSL_free
    close(socket);
}
SSL_CTX_free(context);


I also tried to move the context initialization within the loop and free the context for every connection. This doesn't help either. I know I'm missing something, but I couldn't open my third eye :(

I know a similar issue was discussed very recently. Those hints didn't help me much.

THANKS IN ADVANCE.
Samy




RE: Memory grows

Fell, Anthony
I too have noticed a similar leak on a VxWorks client used to secure LDAP connections.  I hopefully will investigate this issue in the next few weeks.  I will provide any pertinent details to the group if/when I have any.


From: [hidden email] [mailto:[hidden email]] On Behalf Of Samy Thiyagarajan
Sent: Wednesday, February 15, 2006 11:01 AM
To: [hidden email]
Subject: Memory grows


Hi all,

I have a TLS enabled client and server. Both are working fine as far as the communication is concerned. For testing I loop my client, such that it establishes a connection, sends and receives some sample data and releases the connection.

I just noticed that the memory at the client side keeps increasing with every loop! (approx. 6kb per connection). Server side is fine. I guess there might be some logical error in my function calls. The following is the general structure of my function calls.


initialize the context

for ( loop )
{
     establish TCP connection
     SSL connection
     data exchange

    SSL_shutdown(ssl);
    BIO_free
    SSL_free
    close(socket);
}
SSL_CTX_free(context);


I also tried to move the context initialization within the loop and free the context for every connection. This doesn't help either. I know I'm missing something, but I couldn't open my third eye :(

I know a similar issue was discussed very recently. Those hints didn't help me much.

THANKS IN ADVANCE.
Samy