On Tue, Jun 18, 2019 at 07:16:46AM -0700, Lisa Matias wrote:

> If you look here:
>
> https://www.openssl.org/docs/man1.1.0/man3/X509_NAME_ENTRY_get_data.html
>
> It states:
>
> *X509_NAME_ENTRY_get_data() retrieves the field value of ne in
> and ASN1_STRING structure.*

Regardless of the entry type, the underlying value is always stored
as an ASN.1 string.

    struct X509_name_entry_st {
        ASN1_OBJECT *object;        /* AttributeType */
        ASN1_STRING *value;         /* AttributeValue */
        int set;                    /* index of RDNSequence for this entry */
        int size;                   /* temp variable */
    };

The flags you're looking for are associated with the ASN.1 string.
To indicate that it is a bit-string you set:

    value->flags |= ASN1_STRING_FLAG_BITS_LEFT | i

where "i" is the number of unused bits in the final octet.

> Unfortunately this does not work for any non-string X.500 attributes such
> as x500UniqueIdentifer which is defined as an ASN.1 BIT STRING.

Actually, it does.

--
    Viktor.
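
Added example, not part of the original message and not OpenSSL's own code: a self-contained C model of a DER BIT STRING encoder that takes the unused-bit count from the flags described above, and infers it from trailing zero bits when the flag is absent. The names struct bit_value, BITS_LEFT_FLAG and encode_bit_string() are hypothetical; only the 0x08 flag value is taken from OpenSSL's asn1.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same bit as OpenSSL's ASN1_STRING_FLAG_BITS_LEFT (0x08); when it is set,
 * the low three bits of flags hold the unused-bit count "i". */
#define BITS_LEFT_FLAG 0x08

/* Hypothetical stand-in for the ASN1_STRING fields that matter here. */
struct bit_value {
    const uint8_t *data;
    size_t length;
    long flags;
};

/* Encode v as a DER BIT STRING (tag 0x03, short-form length only).
 * Returns the number of octets written, or 0 if it does not fit. */
size_t encode_bit_string(const struct bit_value *v, uint8_t *out, size_t cap)
{
    size_t len = v->length;
    int bits = 0;

    if (len > 0 && (v->flags & BITS_LEFT_FLAG)) {
        bits = (int)(v->flags & 0x07);          /* caller stated the count */
    } else {
        while (len > 0 && v->data[len - 1] == 0)
            len--;                              /* no flag: drop zero octets */
        if (len > 0)                            /* ...and trailing zero bits */
            for (uint8_t last = v->data[len - 1]; !(last & 1); last >>= 1)
                bits++;
    }
    if (len + 1 > 127 || cap < len + 3)
        return 0;
    out[0] = 0x03;
    out[1] = (uint8_t)(len + 1);                /* content = count octet + data */
    out[2] = (uint8_t)bits;
    if (len > 0) {
        memcpy(out + 3, v->data, len);
        out[len + 2] &= (uint8_t)(0xff << bits); /* DER: unused bits are zero */
    }
    return len + 3;
}
```

With the constructed input {0xA5, 0xF0}, flags of BITS_LEFT_FLAG | 0 encode all 16 bits, while flags of 0 encode the same octets as a 12-bit string with 4 unused bits.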