
Unable to set the key usage (like key encipherment, Digital Signature, CRL_SIGN, NON_REPUDIATION, etc.) on a new X509 certificate in OpenSSL.

Please help me solve this.

1 Answer

By adding the functionality below, we can get the key usages and basic constraints into our created certificate.

#include <stdio.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

int add_ext ( X509 *cert, int nid, char *value );

// The statements below belong in the routine that builds the certificate;
// xcert is the X509 * being created.

// Local variable definition
int nid = 0;

// Add algorithms to the internal table
OpenSSL_add_all_algorithms ( );
OpenSSL_add_all_ciphers ( );
OpenSSL_add_all_digests ( );

// A CA certificate must include the basicConstraints value with the
// CA field set to TRUE.
add_ext ( xcert, NID_basic_constraints, "critical,CA:TRUE" );

// Key usage is a multi-valued extension consisting of a list of names
// of the permitted key usages.
add_ext ( xcert, NID_key_usage, "digitalSignature, nonRepudiation" );

// This extension consists of a list of usages indicating the purposes for
// which the certificate public key can be used.
add_ext ( xcert, NID_ext_key_usage, "critical,codeSigning,1.2.3.4" );

// Adds a new object to the internal table. oid is the numerical form
// of the object, sn the short name and ln the long name.
nid = OBJ_create ( "1.2.3.4", "SAMP_OID", "Test_OID" );
X509V3_EXT_add_alias ( nid, NID_netscape_comment );

add_ext ( xcert, nid, "MQ Comment Section" );


User defined function
---------------------

// Add an extension using the V3 code: we can set the config file to NULL
// because we won't reference any other sections.
// Returns 1 on success and 0 on failure.

int add_ext ( X509 *cert, int nid, char *value )
{
    // Local variable definitions
    X509_EXTENSION *ex = NULL;
    X509V3_CTX ctx;

    // Set the context of the extension: no configuration database
    X509V3_set_ctx_nodb ( &ctx );

    // Issuer and subject certs: both the target since it is self signed, no
    // request and no CRL
    X509V3_set_ctx ( &ctx, cert, cert, NULL, NULL, 0 );

    // Build the extension from its textual value
    ex = X509V3_EXT_conf_nid ( NULL, &ctx, nid, value );
    if ( !ex )
    {
        printf ( "\tError: In X509V3_EXT_conf_nid\n" );
        return 0;
    }

    // Attach the extension to the certificate (appended at the end), then
    // free our copy: X509_add_ext stores its own duplicate
    X509_add_ext ( cert, ex, -1 );
    X509_EXTENSION_free ( ex );

    return 1;
}
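An added example, not part of the original answer and not OpenSSL code: self-contained C that shows what a keyUsage value string becomes inside the certificate (a DER BIT STRING) and checks it against basicConstraints, using the answer's own `CA:TRUE` plus `digitalSignature, nonRepudiation` combination. The function names `ku_parse`, `ku_der` and `ku_matches_ca` are hypothetical; the bit numbers follow RFC 5280 section 4.2.1.3.

```c
#include <stdio.h>
#include <string.h>
/* keyUsage short names used by OpenSSL; index = bit number in RFC 5280 4.2.1.3. */
static const char *const KU_NAMES[9] = {
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly" };

/* Value string -> mask (bit i = KU_NAMES[i]); -1 on unknown name or long input. */
int ku_parse(const char *value, int *critical)
{
    char buf[256], *tok;
    int mask = 0, i;
    *critical = 0;
    if (snprintf(buf, sizeof buf, "%s", value) >= (int)sizeof buf) return -1;
    for (tok = strtok(buf, ", "); tok; tok = strtok(NULL, ", ")) {
        if (strcmp(tok, "critical") == 0) { *critical = 1; continue; }
        for (i = 0; i < 9 && strcmp(tok, KU_NAMES[i]) != 0; i++) { }
        if (i == 9) return -1;
        mask |= 1 << i;
    }
    return mask;
}

/* DER BIT STRING: bit 0 = MSB; trailing zero bits go into the unused-bits octet. */
int ku_der(int mask, unsigned char out[5])
{
    int last = -1, i, n;
    for (i = 0; i < 9; i++) if (mask & (1 << i)) last = i;
    n = last < 0 ? 0 : last / 8 + 1;                 /* content octets */
    out[0] = 0x03; out[1] = (unsigned char)(n + 1);  /* tag, length */
    out[2] = (unsigned char)(n ? 7 - last % 8 : 0); out[3] = out[4] = 0;
    for (i = 0; i <= last; i++)
        if (mask & (1 << i)) out[3 + i / 8] |= (unsigned char)(0x80 >> (i % 8));
    return 3 + n;                                    /* encoded length */
}

/* A CA needs keyCertSign when keyUsage is present; a non-CA must not set it. */
int ku_matches_ca(int is_ca, int mask) { return !!(mask & (1 << 5)) == !!is_ca; }

int main(void)
{
    unsigned char der[5];
    int crit, i, n, m = ku_parse("digitalSignature, nonRepudiation", &crit);
    for (n = ku_der(m, der), i = 0; i < n; i++) printf("%02X ", der[i]);
    printf("matches CA:TRUE = %d\n", ku_matches_ca(1, m));
    return 0;
}
```

The parser rejects spellings such as `CRL_SIGN` from the question. The consistency check fails for the answer's values: a certificate that sets `CA:TRUE` and carries a keyUsage extension without `keyCertSign` is not accepted as an issuer during RFC 5280 path validation (section 6.1.4).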