Menu
▾
▴
Re: [pyOpenSSL] Arbitrary extension to X.509 certificate
|
From: <ex...@tw...> - 2012-08-23 12:11:50
|
On 10:39 am, phi...@st... wrote: >Hi all, > >I'd like to find out if pyOpenSSL supports the addition of arbitrary >certificate extensions. I see here that you can add extensions: > >http://stackoverflow.com/questions/7279282/extract-the-value-of-a-x-509 >-certificate-custom-extension-using-pyopenssl As you discovered, only some extensions are supported. To support arbitrary extensions, more "APIs" from OpenSSL will need to be exposed. This is probably possible, and only a matter of someone doing the work. I'm copying pyo...@li... on this reply. Please prefer the Launchpad mailing list for future correspondence. Thanks. Jean-Paul >But if I try this I get: >>>>from OpenSSL import crypto >>>>ext = crypto.X509Extension('1.2.3.4', 0, 'myextension') >Traceback (most recent call last): > File "<stdin>", line 1, in <module> >OpenSSL.crypto.Error: [('X509 V3 routines', 'DO_EXT_NCONF', 'unknown >extension name'), ('X509 V3 routines', 'X509V3_EXT_nconf', 'error in >extension')] > >If it is not currently possible is there some means that the relevant >OpenSSL API calls needed could be exposed through pyOpenSSL? > >Thanks, >Phil |
