syntax for multiple authorityInfoAccess entries

syntax for multiple authorityInfoAccess entries

Rodney McDuff
Hi
   I'm trying to add multiple caIssuers and OCSP entries to my
authorityInfoAccess attribute and I am having some difficulties with
getting the right openssl.cnf syntax. I want to add the following (Note
LDAP URIs and nasty commas)

caIssuers;http://server1.domain/certs/ca-certs.p7b
caIssuers;http://server2.domain/certs/ca-certs.p7b
caIssuers;ldap://server1.domain/CN=My%20CA,o=ORG,c=AU?crossCertificatePair;binary
caIssuers;ldap://server2.domain/CN=My%20CA,o=ORG,c=AU?crossCertificatePair;binary
OCSP;http://server1.domain/ocsp
OCSP;http://server2.domain/ocsp

How is it done?

--
Dr. Rodney G. McDuff                 |Ex ignorantia ad sapientiam
Manager, Strategic Technologies Group|    Ex luce ad tenebras
Information Technology Services      |
The University of Queensland         |
EMAIL: [hidden email]          |
TELEPHONE: +61 7 3365 8220           |


Re: syntax for multiple authorityInfoAccess entries

Dr. Stephen Henson
On Thu, Jun 23, 2005, Dr. Rodney McDuff wrote:

> Hi
>   I'm trying to add multiple caIssuers and OCSP entries to my
> authorityInfoAccess attribute and I am having some difficulties with
> getting the right openssl.cnf syntax. I want to add the following (Note
> LDAP URIs and nasty commas)
>
> caIssuers;http://server1.domain/certs/ca-certs.p7b
> caIssuers;http://server2.domain/certs/ca-certs.p7b
> caIssuers;ldap://server1.domain/CN=My%20CA,o=ORG,c=AU?crossCertificatePair;binary
> caIssuers;ldap://server2.domain/CN=My%20CA,o=ORG,c=AU?crossCertificatePair;binary
> OCSP;http://server1.domain/ocsp
> OCSP;http://server2.domain/ocsp
>
> How is it done?
>

To use commas the @section form is mandatory. You also need to keep the LHS
unique so something like this should do the trick:

authorityInfoAccess=@aia_sect
...
[aia_sect]
OCSP;URI.1=http://www.some.responder.org/
OCSP;URI.2=http://www.some.other-responder.org/
caIssuers;URI.3=http://server.whatever.org/cert-path
caIssuers;URI.4=ldap://server.whatever.org/xxx,yyy

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
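
Added example (not part of the original thread, and not OpenSSL project material): the six entries from the question written in the @section form described in the reply above, with a check that reads the extension back from a throwaway self-signed certificate. The file names, the [v3_ext] and [dn] section names and the test key are assumptions made for this example.

```shell
#!/bin/sh
# Added example. File names, the [v3_ext]/[dn] section names and the
# throwaway RSA key are assumptions; the URIs are the ones from the question.

write_cnf() {    # $1 = path of the config file to create
cat > "$1" <<'EOF'
[req]
prompt             = no
distinguished_name = dn
x509_extensions    = v3_ext

[dn]
C  = AU
O  = ORG
CN = My CA

[v3_ext]
authorityInfoAccess = @aia_sect

# One access description per line. Each left-hand side must be unique,
# hence the .1 ... .6 suffixes; commas in the value are kept as-is.
[aia_sect]
caIssuers;URI.1 = http://server1.domain/certs/ca-certs.p7b
caIssuers;URI.2 = http://server2.domain/certs/ca-certs.p7b
caIssuers;URI.3 = ldap://server1.domain/CN=My%20CA,o=ORG,c=AU?crossCertificatePair;binary
caIssuers;URI.4 = ldap://server2.domain/CN=My%20CA,o=ORG,c=AU?crossCertificatePair;binary
OCSP;URI.5      = http://server1.domain/ocsp
OCSP;URI.6      = http://server2.domain/ocsp
EOF
}

make_cert() {    # $1 = existing work directory; prints the decoded AIA lines
    write_cnf "$1/aia.cnf" &&
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
        -config "$1/aia.cnf" -keyout "$1/test.key" -out "$1/test.pem" \
        2>/dev/null &&
    openssl x509 -in "$1/test.pem" -noout -text |
        grep -E '(OCSP|CA Issuers) - URI:'
}
```

Calling `make_cert "$(mktemp -d)"` should list four `CA Issuers - URI:` lines and two `OCSP - URI:` lines, with the commas in the LDAP URIs intact.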
zero byte header files in latest release.

PJ-7

Hey OpenSSL guru guys!

Just downloaded http://www.openssl.org/source/openssl-0.9.7g.tar.gz
ALL the header files in openssl-0.9.7g\include\openssl are zero bytes in
length!??

Is there something wrong with the distribution or am I doing something
stupid?

Thanks in advance,
Pj.


