[PATCH] objects: add EV subject OID names

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH] objects: add EV subject OID names

Kyle J. McKay
The "EV SSL Certificate Guidelines" available from:

  https://cabforum.org/extended-validation/

defines three OIDs commonly seen in leaf certificates:

  jurisdictionLocalityName
  1.3.6.1.4.1.311.60.2.1.1

  jurisdictionStateOrProvinceName
  1.3.6.1.4.1.311.60.2.1.2

  jurisdictionCountryName
  1.3.6.1.4.1.311.60.2.1.3

Add these OID names so that certificate subjects containing
them display nicely.

Note that prior to version 1.4.6 of the EV Guidelines (which
was adopted and effective on 2014-03-24) the OID names started
with "jurisdictionOfIncorporation" instead of just "jurisdiction".

The newer, shorter, names are used here.

Signed-off-by: Kyle J. McKay <[hidden email]>
---

For those using the libressl-2.5.4.tar.gz distribution, an equivalent
patch that updates the generated files instead can be found here:

  https://gist.github.com/60b6236458c8e318412b99069dca8ed0

 src/lib/libcrypto/objects/obj_mac.num | 3 +++
 src/lib/libcrypto/objects/objects.txt | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/src/lib/libcrypto/objects/obj_mac.num b/src/lib/libcrypto/objects/obj_mac.num
index d839b396..3214090a 100644
--- a/src/lib/libcrypto/objects/obj_mac.num
+++ b/src/lib/libcrypto/objects/obj_mac.num
@@ -953,3 +953,6 @@ Ed25519 952
 Ed448 953
 Ed25519ph 954
 Ed448ph 955
+jurisdictionLocalityName 956
+jurisdictionStateOrProvinceName 957
+jurisdictionCountryName 958
diff --git a/src/lib/libcrypto/objects/objects.txt b/src/lib/libcrypto/objects/objects.txt
index 28d77218..6efabf7d 100644
--- a/src/lib/libcrypto/objects/objects.txt
+++ b/src/lib/libcrypto/objects/objects.txt
@@ -830,6 +830,12 @@ Private 1 : enterprises : Enterprises
 # RFC 2247
 Enterprises 1466 344 : dcobject : dcObject
 
+# Extended Validation
+!Alias extendedValidation Enterprises 311 60
+extendedValidation 2 1 1 : : jurisdictionLocalityName
+extendedValidation 2 1 2 : : jurisdictionStateOrProvinceName
+extendedValidation 2 1 3 : : jurisdictionCountryName
+
 # RFC 1495
 Mail 1 : mime-mhs : MIME MHS
 mime-mhs 1 : mime-mhs-headings : mime-mhs-headings
---

Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] objects: add EV subject OID names

Joel Sing-3
On Wednesday 17 May 2017 12:02:48 Kyle J. McKay wrote:

> The "EV SSL Certificate Guidelines" available from:
>
>   https://cabforum.org/extended-validation/
>
> defines three OIDs commonly seen in leaf certificates:
>
>   jurisdictionLocalityName
>   1.3.6.1.4.1.311.60.2.1.1
>
>   jurisdictionStateOrProvinceName
>   1.3.6.1.4.1.311.60.2.1.2
>
>   jurisdictionCountryName
>   1.3.6.1.4.1.311.60.2.1.3
>
> Add these OID names so that certificate subjects containing
> them display nicely.
>
> Note that prior to version 1.4.6 of the EV Guidelines (which
> was adopted and effective on 2014-03-24) the OID names started
> with "jurisdictionOfIncorporation" instead of just "jurisdiction".
>
> The newer, shorter, names are used here.
>
> Signed-off-by: Kyle J. McKay <[hidden email]>

Committed, thanks.

> ---
>
> For those using the libressl-2.5.4.tar.gz distribution, an equivalent
> patch that updates the generated files instead can be found here:
>
>   https://gist.github.com/60b6236458c8e318412b99069dca8ed0
>
>  src/lib/libcrypto/objects/obj_mac.num | 3 +++
>  src/lib/libcrypto/objects/objects.txt | 6 ++++++
>  2 files changed, 9 insertions(+)
>
> diff --git a/src/lib/libcrypto/objects/obj_mac.num
> b/src/lib/libcrypto/objects/obj_mac.num index d839b396..3214090a 100644
> --- a/src/lib/libcrypto/objects/obj_mac.num
> +++ b/src/lib/libcrypto/objects/obj_mac.num
> @@ -953,3 +953,6 @@ Ed25519 952
>  Ed448 953
>  Ed25519ph 954
>  Ed448ph 955
> +jurisdictionLocalityName 956
> +jurisdictionStateOrProvinceName 957
> +jurisdictionCountryName 958
> diff --git a/src/lib/libcrypto/objects/objects.txt
> b/src/lib/libcrypto/objects/objects.txt index 28d77218..6efabf7d 100644
> --- a/src/lib/libcrypto/objects/objects.txt
> +++ b/src/lib/libcrypto/objects/objects.txt
> @@ -830,6 +830,12 @@ Private 1 : enterprises : Enterprises
>  # RFC 2247
>  Enterprises 1466 344 : dcobject : dcObject
>
> +# Extended Validation
> +!Alias extendedValidation Enterprises 311 60
> +extendedValidation 2 1 1 : : jurisdictionLocalityName
> +extendedValidation 2 1 2 : : jurisdictionStateOrProvinceName
> +extendedValidation 2 1 3 : : jurisdictionCountryName
> +
>  # RFC 1495
>  Mail 1 : mime-mhs : MIME MHS
>  mime-mhs 1 : mime-mhs-headings : mime-mhs-headings
> ---