[pyOpenSSL] Re : [pyopenssl-list] x509req Object set_subject

BRACHET Maxime mixam85 at gmail.com
Thu Jul 3 14:53:46 CEST 2008 

Hi,

If the Subject comport multiple CN the X509Name.CN return only the first.
In the RFC 3820 part 3.4 : http://www.ietf.org/rfc/rfc3820.txt
To generate a Proxy certificate I need to add a CN to the subject.
MyProxy is a Proxy Credential Server : http://grid.ncsa.uiuc.edu/myproxy/

I can add a new one in doing
cert.get_subject().CN += '/CN=foo'

but it is not really a proper way.

Thanks for you response.
Maxime.

2008/7/3, Jean-Paul Calderone <exarkun at divmod.com>:
> On Thu, 3 Jul 2008 15:22:29 +0300, BRACHET Maxime <mixam85 at gmail.com> wrote:
>>Hi,
>>
>>> Hi every body,
>>>
>>> I am new to this mailing list.
>>> I have a quite simple problem,
>>> I get a Certificate Request form a MyProxy server to sign it in order to
>>> create a Proxy certificate.
>>> But I must overwrite the subject of the MyProxy request to fulfill the
>>> requirements.
>>> I get the Request in a x509req Object, but this object does not provide a
>>> method like set_subject().
>>>
>>> How can I do ?
>>
>>It seems that I misunderstand what to do.
>>I create a new x509 certificate using request informations, but I need to
>>add a CN to my subject and the x509Name does not provide any methods to do
>>this.
>>Any ideas ?
>
> X509Name instances can have attributes like CN set on them directly:
>
>     >>> from OpenSSL.crypto import X509
>     >>> cert = X509()
>     >>> cert.get_subject().CN = 'foo'
>     >>> cert.get_subject()
>     <X509Name object '/CN=foo'>
>
> It doesn't seem correct that you need to change anything about the X509Req,
> though.  If it has the wrong parameters, then it needs to be regenerated by
> the MyProxy server/user (I don't know what MyProxy is).  If you change it
> and sign the result, then it will disagree with the private part which was
> generated along with it.
>
> Jean-Paul
>
> -------------------------------------------------------------------------
> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
> Studies have shown that voting for your favorite open source project,
> along with a healthy diet, reduces your potential for chronic lameness
> and boredom. Vote Now at http://www.sourceforge.net/community/cca08
> _______________________________________________
> pyopenssl-list mailing list
> pyopenssl-list at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/pyopenssl-list
>

More information about the pyopenssl-users mailing list