#94 otherName FORMAT parse error

v1.0_(example)
closed-invalid
nobody
None
5
2014-10-27
2014-09-04
No

I'm trying to create a certificate with a custom subjectAltName (either via the Advanced tab or the subject alternative name field/dialog), but xca says:

error:220A4093:X509 V3 routines:A2I_GENERAL_NAME:othername error
error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension

What I'm trying to add:
subjectAltName=otherName:msADGUID;FORMAT:HEX,OCTETSTRING:7D65002D90D74F4C9120B64293F0723D

After removing FORMAT:HEX, the record is added successfully, but with string data instead of hex bytes:
subjectAltName=otherName:msADGUID;OCTETSTRING:7D65002D90D74F4C9120B64293F0723D

Looks like it's not an OpenSSL issue:
$ openssl asn1parse -genstr OCTETSTRING:7D65002D90D74F4C9120B64293F0723D
0:d=0 hl=2 l= 32 prim: OCTET STRING :7D65002D90D74F4C9120B64293F0723D
$ openssl asn1parse -genstr FORMAT:HEX,OCTETSTRING:7D65002D90D74F4C9120B64293F0723D
0:d=0 hl=2 l= 16 prim: OCTET STRING [HEX DUMP]:7D65002D90D74F4C9120B64293F0723D

Tested on XCA v0.9.3/win32 (OpenSSL 1.0.1c) and XCA v0.9.3/lnx (OpenSSL 1.0.1e-fips)

Discussion

  • Christian Hohnstaedt

    • status: open --> closed-invalid
     
  • Christian Hohnstaedt

    Apparently you already added something like
    "1.3.6.1.4.1.311.25.1: msADGUID: MS Active Directory GUID"
    to one of the oids.txt files of XCA.
    Try the following in the XCA advanced tab or the openssl.cnf

    subjectAltName=@altname_sec

    [ altname_sec ]
    otherName=msADGUID;FORMAT:HEX,OCT:7D65002D90D74F4C9120B64293F0723D

     
  • Christian Hohnstaedt

    without newline between msADGUID; and FORMAT:HEX
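
An added example (not from the ticket or from XCA): a stdlib-only Python check that tells apart the two encodings seen in the report, 16 raw bytes with FORMAT:HEX versus 32 ASCII characters without it, inside a DER otherName. The DER is constructed inline from the ticket's value; the function names and result labels are assumptions of this sketch.

```python
import string

# DER content bytes of OID 1.3.6.1.4.1.311.25.1 (mapped to msADGUID in the thread)
MSADGUID_OID = bytes.fromhex("2b0601040182371901")
GUID_HEX = "7D65002D90D74F4C9120B64293F0723D"  # value quoted in the ticket

def tlv(tag, content):
    """Encode one DER TLV (short-form length only; enough for this sample)."""
    assert len(content) < 128
    return bytes([tag, len(content)]) + content

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the TLV at pos; short-form lengths only."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this sketch")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos + 2:end], end

def other_name(octets):
    """Build GeneralName otherName: [0] { OID, [0] EXPLICIT OCTET STRING }."""
    return tlv(0xA0, tlv(0x06, MSADGUID_OID) + tlv(0xA0, tlv(0x04, octets)))

def check_guid(general_name):
    """Classify the msADGUID payload of a DER-encoded otherName."""
    tag, body, _ = read_tlv(general_name)
    if tag != 0xA0:
        return "not-otherName"
    tag, oid, pos = read_tlv(body)
    if tag != 0x06 or oid != MSADGUID_OID:
        return "other-oid"
    tag, wrapped, _ = read_tlv(body, pos)
    if tag != 0xA0:
        return "malformed"
    tag, value, _ = read_tlv(wrapped)
    if tag != 0x04:
        return "not-octet-string"
    if len(value) == 16:
        return "ok"  # a GUID is 16 raw bytes
    if len(value) == 32 and all(chr(b) in string.hexdigits for b in value):
        return "ascii-hex"  # hex text stored as characters: FORMAT:HEX was missing
    return "bad-length"

# Constructed samples mirroring the two asn1parse outputs in the report.
with_hex = other_name(bytes.fromhex(GUID_HEX))      # FORMAT:HEX,OCT:...
without_hex = other_name(GUID_HEX.encode("ascii"))  # OCTETSTRING:... alone
```

Running `check_guid` over the otherName bytes extracted from an issued certificate catches the silent 32-byte case before the certificate is deployed.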