<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap:break-word"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">The error you're seeing is because OpenSSL doesn't have a shortname mapping to an extension type for that (unusual) extension. I believe you can create it using the OpenSSL conf ASN.1 syntax but help with that is outside the scope of this mailing list, sorry!<br style="font-family:'helvetica Neue',helvetica;font-size:12.800000190734863px"></div> <div id="bloop_sign_1481318359994440960" class="bloop_sign"></div> <br><p class="airmail_on">On December 8, 2016 at 8:13:54 AM, Aow Tea (<a href="mailto:aowtea@gmail.com">aowtea@gmail.com</a>) wrote:</p> <blockquote type="cite" class="clean_bq"><span><div><div></div><div>
<title></title>
<div dir="ltr"><span style="font-size:12.8px">Dear everyone,</span>
<div style="font-size:12.8px"> I have a
trouble in adding the extension 'subject directory attributes' to a
certificate using Python. I have tried to use 'subjectDirAttrs' and
'subjectDirectoryAttributes', but neither of them can work. The
error is 'OpenSSL.crypto.Error: [('X509 V3 routines',
'DO_EXT_NCONF', 'unknown extension name'), ('X509 V3 routines',
'X509V3_EXT_nconf', 'error in extension')]'. </div>
<div style="font-size:12.8px"><br></div>
<div style="font-size:12.8px"> I have
installed PyOpenSSL v16.1.0 and imported crypto from OpenSSL as the
code below shows. My programming environment is Ubuntu 16.04.1 x64
and Python 2.7.12. Can anyone give a practical solution?</div>
<div style="font-size:12.8px"><br></div>
<div style="font-size:12.8px"> In
addition, when I want to add another extension 'certificate
policies', the error is 'OpenSSL.crypto.Error: [('X509 V3
routines', 'DO_EXT_NCONF', 'no config database'), ('X509 V3
routines', 'X509V3_EXT_nconf', 'error in extension')]'. Can
anyone tell me how to add this extension to a
certificate? </div>
<div style="font-size:12.8px"> </div>
<div style="font-size:12.8px"><br></div>
<div style="font-size:12.8px"> Thanks in
advance!</div>
<div style="font-size:12.8px"><br></div>
<div style="font-size:12.8px"> # My
code</div>
<div style="font-size:12.8px"><br></div>
<div style="font-size:12.8px">
<pre style="white-space:pre-wrap;margin-top:0px;margin-bottom:1em;padding:5px;border:0px;font-size:13px;width:auto;max-height:600px;overflow:auto;font-family:consolas,menlo,monaco,"lucida console","liberation mono","dejavu sans mono","bitstream vera sans mono","courier new",monospace,sans-serif;background-color:rgb(239,240,241);word-wrap:normal;color:rgb(36,39,41)"><code style="margin:0px;padding:0px;border:0px;font-family:consolas,menlo,monaco,"lucida console","liberation mono","dejavu sans mono","bitstream vera sans mono","courier new",monospace,sans-serif;white-space:inherit">#! /usr/bin/env python
from OpenSSL import crypto
newSubject=crypto.X509Name(cry<wbr>pto.X509().get_subject())
newSubject.C='US'
newSubject.ST='California'
newSubject.O='University of California, Davis'
newSubject.OU='Computer Science, UCDavis'
newSubject.CN='<a href="http://www.cs.ucdavis.edu/" target="_blank">www.cs.ucdavis.<wbr>edu</a>'
newCert=crypto.X509()
newCert.set_version(2)
newCert.set_serial_number(2016<wbr>120711)
newCert.set_notBefore('2016120<wbr>7125959Z')
newCert.set_notAfter('20171207<wbr>125959Z')
newCert.set_issuer(newSubject)
newCert.set_subject(newSubject<wbr>)
pkObject=crypto.PKey()
pkObject.generate_key(crypto.T<wbr>YPE_RSA,2048)
newCert.set_pubkey(pkObject)
newExt=crypto.X509Extension('b<wbr>asicConstraints', True, 'CA:true')
newCert.add_extensions([newExt<wbr>])
newExt=crypto.X509Extension('s<wbr>ubjectDirAttrs', True, 'something')
newCert.add_extensions([newExt<wbr>])
newCert.sign(pkObject,'sha256'<wbr>)
with open('sample.pem','w') as f:
f.write(crypto.dump_certificat<wbr>e(crypto.FILETYPE_PEM,newCert)<wbr>)</code></pre></div>
</div>
_______________________________________________
<br>Cryptography-dev mailing list
<br><a href="mailto:Cryptography-dev@python.org">Cryptography-dev@python.org</a>
<br><a href="https://mail.python.org/mailman/listinfo/cryptography-dev">https://mail.python.org/mailman/listinfo/cryptography-dev</a>
<br></div></div></span></blockquote></body></html>