Re: Syntax of OID values

I believe the oid_file key in the config is used by the ca and req applets and is meant to be a value rather than a section (i.e. oid_file = /path/to/oid/file/name).

To do what I believe you are trying to do above, you need to follow the directions here:
https://www.openssl.org/docs/man1.1.1/man5/config.html

by assigning an oid_section like this:
oid_section = my_oid_section_name

And then creating the section:
[my_oid_section_name]
 some_new_oid = 1.2.3.4

On Thu, Jun 27, 2024 at 1:48 AM Dvorcovoy Dmitry V. via openssl-users <openssl-users@xxxxxxxxxxx> wrote:
I want to make my own tiny rootca.
There is a problem with supporting OIDs. I found oid_file in the documentation, but cannot decode the syntax of values.
DER: works fine, but I want to use a more readable format.

All I can find is the same docs without a tiny working example of how to use my defined OIDs.
sample:
[oid_file]
 1.3.6.1.4.1.311.21.1 msCAversion XCN_OID_CERTSRV_CA_VERSION
 1.3.6.1.4.1.311.21.4 msCRLNextPublish XCN_OID_CRL_NEXT_PUBLISH

[ca.conf]
 oid_file =oid.txt
 ...
[ crl_ext ]
authorityKeyIdentifier=keyid:always
msCAversion = DER:020101
msCRLNextPublish = DER:170D3234303930393131333635395A

with these options all works ok.
>openssl ca -config ca.conf -gencrl -crlexts crl_ext -out crl.pem

but when I try anything like this:
 msCAversion = 1
 msCAversion = INT:01
 msCAversion = INTEGER:0x01
(and many other combinations)

I got the same error:
Using configuration from ca.conf
Error checking CRL extension section crl_ext
00CEC9A0FA7F0000:error:11000081:X509 V3 routines:do_ext_nconf:unknown extension:crypto/x509/v3_conf.c:92:
00CEC9A0FA7F0000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:crypto/x509/v3_conf.c:48:section=crl_ext, name=msCAversion, value=INTEGER:0x01

Same with datetime, there is no help about its format:
msCRLNextPublish =UTC
=: UTCTIME:"2024-Sep-09 11:36:59"
 =ANS1.UTCTIME....

How do I properly format values? And please include it with examples in the documentation.

And what to do to make -text output in a readable format, not just a dump of OIDs? I think there has to be some global OID config file, but where is it?
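
Added example, not part of the thread or of OpenSSL's own code: OpenSSL's arbitrary-extension syntax accepts `ASN1:` followed by an ASN1_generate_nconf(3) type string as well as `DER:`, so the two `DER:` values in the quoted crl_ext section have readable equivalents. This Python sketch decodes those DER values and emits the matching `ASN1:` lines; the function names are hypothetical and only INTEGER and UTCTime are handled.

```python
# Added example: translate the thread's DER: extension values to ASN1: form.

def read_tlv(data: bytes):
    """Return (tag, content) for one definite-length DER TLV filling `data`."""
    if len(data) < 2:
        raise ValueError("truncated TLV")
    tag, first = data[0], data[1]
    if first < 0x80:                      # short-form length
        length, offset = first, 2
    else:                                 # long-form length
        n = first & 0x7F
        if n == 0 or len(data) < 2 + n:
            raise ValueError("bad length")
        length, offset = int.from_bytes(data[2:2 + n], "big"), 2 + n
    content = data[offset:offset + length]
    if len(content) != length or offset + length != len(data):
        raise ValueError("length does not match data")
    return tag, content

def der_to_asn1(value: str) -> str:
    """Convert 'DER:<hex>' to 'ASN1:INTEGER:n' or 'ASN1:UTCTIME:...'."""
    prefix, _, hexpart = value.partition(":")
    if prefix.strip() != "DER":
        raise ValueError("expected a DER: value")
    tag, content = read_tlv(bytes.fromhex(hexpart.replace(":", "")))
    if tag == 0x02:                       # INTEGER, two's complement
        if not content:
            raise ValueError("empty INTEGER")
        return f"ASN1:INTEGER:{int.from_bytes(content, 'big', signed=True)}"
    if tag == 0x17:                       # UTCTime, YYMMDDHHMMSSZ
        text = content.decode("ascii")
        if len(text) != 13 or not text[:12].isdigit() or text[12] != "Z":
            raise ValueError("UTCTime must be YYMMDDHHMMSSZ")
        return f"ASN1:UTCTIME:{text}"
    raise ValueError(f"unsupported tag 0x{tag:02x}")

# The two values from the crl_ext section quoted in the thread.
PAGE_VALUES = {
    "msCAversion": "DER:020101",
    "msCRLNextPublish": "DER:170D3234303930393131333635395A",
}

def rewrite_section(values):
    """Return config lines with each DER: value rewritten as ASN1:."""
    return [f"{name} = {der_to_asn1(v)}" for name, v in values.items()]

if __name__ == "__main__":
    print("\n".join(rewrite_section(PAGE_VALUES)))
```

The short names in the emitted lines still have to be registered first, for example through the oid_section shown in the reply.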
