OBJ_create - a little problem.
Locked
 
|
Hi everybody!
Here is the sample code: int nid; nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension"); X509V3_EXT_add_alias(nid, NID_netscape_comment); add_ext(x, nid, "Test Extension..."); It works fine :) But I want to change the first parameter in OBJ_create() and I fail there. As I think, it have to be in some special format, but I can't found any info about it. Thanks a lot! ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Re: OBJ_create - a little problem.
|
|
On Mon, Feb 13, 2006, [hidden email] wrote:
> Hi everybody! > > Here is the sample code: > > int nid; > nid = OBJ_create("1.2.3.4", "MyAlias", "My Test > Alias Extension"); > X509V3_EXT_add_alias(nid, NID_netscape_comment); > add_ext(x, nid, "Test Extension..."); > > It works fine :) But I want to change the first > parameter in OBJ_create() and I fail there. As I think, > it have to be in some special format, but I can't found > any info about it. > It is the stndard dotted form of an OBJECT IDENTIFIER. Roughly speaking a sequence of two or more non-negative integers separated by dots. The first number can be 0, 1 or 2. The second 0 to 39 unless the first number is 2 in which case it can take any value. Subsequent numbers can take any value, though it is usual to keep them relatively small (say 32 bits maximum). The first few digits are often reserved for certain origanizations and they can define the meaning of objects within their "arc". You shouldn't therefore just make up a random set of digits especially if it to appear in anything public. You can apply for your own arc. One place where you can do this is: http://www.iana.org/cgi-bin/enterprise.pl The OpenSSL group for example is: 1.3.6.1.4.1.16604 Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Re: OBJ_create - a little problem.
|
|
On Mon, Feb 13, 2006 at 08:03:41PM +0100, Dr. Stephen Henson wrote:
> On Mon, Feb 13, 2006, [hidden email] wrote: > > > Hi everybody! > > > > Here is the sample code: > > > > int nid; > > nid = OBJ_create("1.2.3.4", "MyAlias", "My Test > > Alias Extension"); > > X509V3_EXT_add_alias(nid, NID_netscape_comment); > > add_ext(x, nid, "Test Extension..."); > > > > It works fine :) But I want to change the first > > parameter in OBJ_create() and I fail there. As I think, > > it have to be in some special format, but I can't found > > any info about it. > > > > It is the stndard dotted form of an OBJECT IDENTIFIER. > > Roughly speaking a sequence of two or more non-negative integers separated by > dots. > > The first number can be 0, 1 or 2. > > The second 0 to 39 unless the first number is 2 in which case it can take any > value. > > Subsequent numbers can take any value, though it is usual to keep them > relatively small (say 32 bits maximum). > > The first few digits are often reserved for certain origanizations and they can > define the meaning of objects within their "arc". > > You shouldn't therefore just make up a random set of digits especially if it > to appear in anything public. 2.25.x is unregulated and therefore you can drop anything down there without having to apply. The risk is that your ids will collide with someone else's so you must be careful parsing extensions. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
|
|
Hi all, I have a TLS enabled client and server. Both are working fine as far as the communication is concerned. For testing I loop my client ,such that it establish a connection,send and receive some sample data and release the connection. I just noticed that the memory at the client side keeps increasing for every looping ! (appx. 6kb per connection ). Server side is fine. I guess there might be some logical error in my function calls. The following is the general structure of my func calls. initialize the context for ( loop ) { establish TCP connection SSL connection data exchange SSL_shutdown(ssl); BIO_free SSL_free close(socket); } SSL_CTX_free(context); I also tried to move in the context initialization within the loop and free the context for every connection. This doesnt help either. I know im missing something. but i cudnt open my third eye :( I know similar issue was discussed very recently. Those hints didnt helped me much. THANKS IN ADVANCE. Samy |
|
|
I too have noticed a similar leak on a VxWorks client used
to secure LDAP connections. I hopefully will investigate this issue in the
next few weeks. I will provide any pertinent details to the group
if/when I have any. From: [hidden email] [mailto:[hidden email]] On Behalf Of Samy Thiyagarajan Sent: Wednesday, February 15, 2006 11:01 AM To: [hidden email] Subject: Memory grows Hi all, I have a TLS enabled client and server. Both are working fine as far as the communication is concerned. For testing I loop my client ,such that it establish a connection,send and receive some sample data and release the connection. I just noticed that the memory at the client side keeps increasing for every looping ! (appx. 6kb per connection ). Server side is fine. I guess there might be some logical error in my function calls. The following is the general structure of my func calls. initialize the context for ( loop ) { establish TCP connection SSL connection data exchange SSL_shutdown(ssl); BIO_free SSL_free close(socket); } SSL_CTX_free(context); I also tried to move in the context initialization within the loop and free the context for every connection. This doesnt help either. I know im missing something. but i cudnt open my third eye :( I know similar issue was discussed very recently. Those hints didnt helped me much. THANKS IN ADVANCE. Samy |
«
Return to OpenSSL - User
|
1 view|%1 views
| Free forum by Nabble | Edit this page |