← Back to team overview

pyopenssl-users team mailing list archive

Re: [pyOpenSSL] Arbitrary extension to X.509 certificate

 

On 10:39 am, philip.kershaw@xxxxxxxxxx wrote:
Hi all,

I'd like to find out if pyOpenSSL supports the addition of arbitrary certificate extensions. I see here that you can add extensions:

http://stackoverflow.com/questions/7279282/extract-the-value-of-a-x-509 -certificate-custom-extension-using-pyopenssl

As you discovered, only some extensions are supported. To support arbitrary extensions, more "APIs" from OpenSSL will need to be exposed. This is probably possible, and only a matter of someone doing the work.

I'm copying pyopenssl-users@xxxxxxxxxxxxxxxxxxx on this reply. Please prefer the Launchpad mailing list for future correspondence. Thanks.

Jean-Paul
But if I try this I get:
from OpenSSL import crypto
ext = crypto.X509Extension('1.2.3.4', 0, 'myextension')
Traceback (most recent call last):
 File "<stdin>", line 1, in <module>
OpenSSL.crypto.Error: [('X509 V3 routines', 'DO_EXT_NCONF', 'unknown extension name'), ('X509 V3 routines', 'X509V3_EXT_nconf', 'error in extension')]

If it is not currently possible is there some means that the relevant OpenSSL API calls needed could be exposed through pyOpenSSL?

Thanks,
Phil