[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DER coding CRLDistributions points
|
From: |
Andy Newton |
|
Subject: |
DER coding CRLDistributions points |
|
Date: |
Thu, 10 Feb 2011 02:26:19 +0000 |
Hello,
I am attempting to DER code the id-ce-cRLDistributionPoints x509 extension. I'm
using the pkix.asn file that accompanies libtasn1 (v2.9), but I've added some
structures for RFC 3779. I've using asn1Parse to convert it to a C array. The
DER coding works without error, but the resulting DER is incompatible with
OpenSSL and dumpasn1 shows differing structures from my DER and a certificate
that does work with OpenSSL.
Here is my code snippet that is creating the DER structure:
// cdp is constructed as the ASN1_TYPE holding the structure of the
extension
....
// write new thing in cdp sequence
asn1_write_value( cdp, "", "NEW", 1 );
//
// write cdp full name choice
asn1_write_value( cdp, "?LAST.distributionPoint", "fullName", 1 );
//
// write new sequence item for cdp general name
asn1_write_value( cdp, "?LAST.distributionPoint.fullName", "NEW", 1 );
//
// write cdp uniformResourceIdentifier choice
asn1_write_value( cdp, "?LAST.distributionPoint.fullName.?LAST",
"uniformResourceIdentifier", 1 );
//
// write cdp URI
asn1_write_value( cdp,
"?LAST.distributionPoint.fullName.?LAST.uniformResourceIdentifier",
cert->crlDistributionPoint, strlen( cert->crlDistributionPoint )
);
//
// write NULL for cdp reasons
asn1_write_value( cdp, "?LAST.reasons", NULL, 0 );
//
// write NULL for cdp cRLIssuer
asn1_write_value( cdp, "?LAST.cRLIssuer", NULL, 0 );
>From reading RFC 5280 and the pkix.asn file, I think this is correct. However,
>using dumpasn1 there seems to be a missing sequence. I can't figure out what
>I'm missing nor why libtasn1 did not complain.
Any help is appreciated... and I plan to follow up this email with my dumpasn1
output.
-andy