How to set the KeyUsage value on a new OpenSSL X509 certificate in a C program?
Unable to set keyUsage (key encipherment, digital signature, crl_sign, non_repudiation, etc.) on a new X509 certificate in OpenSSL.
Help me solve this?
By adding the functionality below, we can add key usages and basic constraints to our created certificate.

```c
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

int add_ext ( X509 *cert, int nid, char *value );

// The statements below belong in the function that builds the certificate;
// xcert is the X509 * being created.

// Local variable definition
int nid = 0;

// Add algorithms to the internal table
OpenSSL_add_all_algorithms ( );
OpenSSL_add_all_ciphers ( );
OpenSSL_add_all_digests ( );

// A CA certificate must include the basicConstraints value
// with the CA field set to TRUE.
add_ext ( xcert, NID_basic_constraints, "critical,CA:TRUE" );

// Key usage is a multi-valued extension consisting of a list of names
// of the permitted key usages.
add_ext ( xcert, NID_key_usage, "digitalSignature, nonRepudiation" );

// This extension consists of a list of usages indicating the purposes
// the certificate public key can be used for.
add_ext ( xcert, NID_ext_key_usage, "critical,codeSigning,1.2.3.4" );

// Adds a new object to the internal table. oid is the numerical form
// of the object, sn the short name, and ln the long name.
nid = OBJ_create ( "1.2.3.4", "samp_oid", "test_oid" );
X509V3_EXT_add_alias ( nid, NID_netscape_comment );
add_ext ( xcert, nid, "mq comment section" );
```

User-defined function
---------------------

```c
// Add an extension using the V3 code: we can set the config file to NULL
// because we won't reference any other sections.
// Returns 1 on success, 0 on failure.
int add_ext ( X509 *cert, int nid, char *value )
{
    //
    // Local variable definitions
    //
    X509_EXTENSION *ex = NULL;
    X509V3_CTX ctx;

    // Setting the context of the extension (no configuration database)
    X509V3_set_ctx_nodb ( &ctx );

    // Issuer and subject certs: both the target since it is self-signed,
    // no request, no CRL
    X509V3_set_ctx ( &ctx, cert, cert, NULL, NULL, 0 );

    ex = X509V3_EXT_conf_nid ( NULL, &ctx, nid, value );
    if ( !ex )
    {
        printf ( "\tError: In X509V3_EXT_conf_nid\n" );
        // Report the reason from the OpenSSL error queue
        ERR_print_errors_fp ( stderr );
        return 0;
    }

    // Attach the extension to the certificate, then release our copy
    if ( !X509_add_ext ( cert, ex, -1 ) )
    {
        X509_EXTENSION_free ( ex );
        return 0;
    }
    X509_EXTENSION_free ( ex );
    return 1;
}
```
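The key usage names passed to add_ext end up inside the certificate as a DER-encoded BIT STRING of the RFC 5280 KeyUsage named bits. As an added example (not part of the original post and not OpenSSL's own code), this stand-alone C program shows that mapping for the value used above; `ku_parse` and `ku_der` are hypothetical helper names, and this parser matches the names case-sensitively.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 5280 KeyUsage named bits; array index = bit number (bit 0 is sent first). */
static const char *const KU_NAMES[] = {
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly" };
#define KU_COUNT 9

/* Parse "name, name, ..." (case-sensitive short names).
 * Returns a mask with bit i set for named bit i, or -1 on an unknown name. */
int ku_parse(const char *list)
{
    char buf[256];
    int mask = 0;
    if (strlen(list) >= sizeof buf) return -1;
    strcpy(buf, list);
    for (char *tok = strtok(buf, ", "); tok; tok = strtok(NULL, ", ")) {
        int i = 0;
        while (i < KU_COUNT && strcmp(tok, KU_NAMES[i]) != 0) i++;
        if (i == KU_COUNT) return -1;
        mask |= 1 << i;
    }
    return mask;
}

/* DER BIT STRING: 0x03, length, unused-bit count, content octets with
 * trailing zero bits dropped. Returns bytes written (3..5), 0 on bad mask. */
size_t ku_der(int mask, uint8_t out[5])
{
    uint8_t b[2] = {0, 0}, unused = 0;
    if (mask < 0 || mask >= (1 << KU_COUNT)) return 0;
    for (int i = 0; i < KU_COUNT; i++)
        if (mask & (1 << i)) b[i / 8] |= (uint8_t)(0x80 >> (i % 8));
    size_t n = b[1] ? 2 : (b[0] ? 1 : 0);            /* content octets */
    if (n) while (!(b[n - 1] & (1u << unused))) unused++;
    out[0] = 0x03; out[1] = (uint8_t)(n + 1); out[2] = unused;
    memcpy(out + 3, b, n);
    return n + 3;
}

int main(void)
{
    uint8_t der[5];
    size_t len = ku_der(ku_parse("digitalSignature, nonRepudiation"), der);
    for (size_t i = 0; i < len; i++) printf("%02X ", der[i]);
    putchar('\n');
    return 0;
}
```

Comparing these bytes with the keyUsage extension value in a dump of the generated certificate is a quick way to confirm that the extension was actually attached with the intended bits.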