Setting ns-cert-type server for OpenVPN using phpseclib

感情迁移 posted on 2019-12-11 14:17:25

Question


Since the documentation for phpseclib is very poor, I'm asking here if there is a way to set the ns-cert-type for a certificate with this library.

Searching on the sources, I've found this:

        // the following OIDs are unsupported but we don't want them to give notices when calling saveX509().
        case 'id-pe-logotype': // http://www.ietf.org/rfc/rfc3709.txt
        case 'entrustVersInfo':
        // http://support.microsoft.com/kb/287547
        case '1.3.6.1.4.1.311.20.2': // szOID_ENROLL_CERTTYPE_EXTENSION
        case '1.3.6.1.4.1.311.21.1': // szOID_CERTSRV_CA_VERSION
        // "SET Secure Electronic Transaction Specification"
        // http://www.maithean.com/docs/set_bk3.pdf
        case '2.23.42.7.0': // id-set-hashedRootKey
            return true;

The interesting part I think is szOID_ENROLL_CERTTYPE_EXTENSION, but it seems to be unsupported :(

Any workaround?


Answer 1:


Found it:

    $x509->setExtension('netscape-cert-type', array('SSLServer'));

It works perfectly with OpenVPN!

Taken from the source:

    // mapping is from <http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html>
    $this->netscape_cert_type = array(
        'type'    => FILE_ASN1_TYPE_BIT_STRING,
        'mapping' => array(
            'SSLClient',
            'SSLServer',
            'Email',
            'ObjectSigning',
            'Reserved',
            'SSLCA',
            'EmailCA',
            'ObjectSigningCA'
        )
    );
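The mapping quoted in the answer is a bit order: each name's list index is its bit number in the extension's BIT STRING value. The following is an added example, not part of the original post or of phpseclib, that encodes and decodes that value so the bytes in an issued certificate can be checked independently of the library. The function names are hypothetical, and `accepted_as_server` is a simplified model of the `ns-cert-type server` check (it assumes the check is "SSLServer bit set").

```python
# Added example: helper names are illustrative, not phpseclib API.
NS_CERT_TYPE_OID = "2.16.840.1.113730.1.1"  # OID of netscape-cert-type

# Same order as the mapping quoted above: list index == BIT STRING bit number,
# and bit 0 is the most significant bit of the first content octet.
NS_CERT_TYPE_BITS = [
    "SSLClient", "SSLServer", "Email", "ObjectSigning",
    "Reserved", "SSLCA", "EmailCA", "ObjectSigningCA",
]

def encode_ns_cert_type(names):
    """DER-encode the extension value (a BIT STRING) for the given bit names."""
    octet = 0
    for name in names:
        octet |= 0x80 >> NS_CERT_TYPE_BITS.index(name)  # ValueError if unknown
    if octet == 0:
        return bytes([0x03, 0x01, 0x00])  # empty BIT STRING
    # DER drops trailing zero bits and records how many were dropped.
    unused = (octet & -octet).bit_length() - 1
    return bytes([0x03, 0x02, unused, octet])

def decode_ns_cert_type(der):
    """Return the bit names set in a DER-encoded netscape-cert-type value."""
    if len(der) < 3 or der[0] != 0x03 or der[1] != len(der) - 2:
        raise ValueError("expected a short-form DER BIT STRING")
    unused, content = der[2], der[3:]
    if unused > 7 or (unused and not content):
        raise ValueError("invalid unused-bits count")
    if content and content[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero in DER")
    first = content[0] if content else 0
    return [n for i, n in enumerate(NS_CERT_TYPE_BITS) if first & (0x80 >> i)]

def accepted_as_server(der):
    """Simplified model of `ns-cert-type server`: the SSLServer bit is set."""
    return "SSLServer" in decode_ns_cert_type(der)

if __name__ == "__main__":
    value = encode_ns_cert_type(["SSLServer"])  # constructed sample input
    print(value.hex(), decode_ns_cert_type(value), accepted_as_server(value))
```

OpenVPN 2.4 deprecated `--ns-cert-type` in favour of `--remote-cert-tls`, which checks the keyUsage and extendedKeyUsage extensions instead of this one.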


Source: https://stackoverflow.com/questions/27100456/setting-ns-cert-type-server-for-openvpn-using-phpseclib