Add CKA_OBJECT_ID to list of PKCS#11 attributes for stapled extensions

To be used for looking up certificate extensions by their id. This does not change the fact that the CKA_VALUE part of the extension contains the entire Extension sequence, and not just the extnValue.
author: Stef Walter <stefw@redhat.com> 2013-07-04 16:01:41 +0200
committer: Stef Walter <stefw@redhat.com> 2013-07-04 16:01:41 +0200
commit: 7a00596e68b5721dd3f400fe704189e9f1b9cb30 (patch)
tree: 97383ee09acd0f2c17fc694d8e60811a45c40c8d
parent: 789329de32859d2b230b5c912c4a25e9a1d4104b (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/specs/storing-trust-pkcs11.xml b/specs/storing-trust-pkcs11.xml
index 843cf07..9c9c7f5 100644
--- a/specs/storing-trust-pkcs11.xml
+++ b/specs/storing-trust-pkcs11.xml
@@ -237,6 +237,8 @@
 		</varlistentry>
 	</variablelist>
 
+	<para>Items in the set of stapled extensions set contain the following fields:</para>
+
 	<variablelist>
 		<varlistentry>
 			<term><literal>CKA_X_PUBLIC_KEY_INFO</literal></term>
@@ -247,7 +249,14 @@
 		<varlistentry>
 			<term><literal>CKA_VALUE</literal></term>
 			<listitem><para>The DER encoded value of the Extension sequence as
-				defined in X.509</para></listitem>
+				defined in X.509. Note that this is the entire Extension
+				sequence and not just the extnValue field.</para></listitem>
+		</varlistentry>
+		<varlistentry>
+			<term><literal>CKA_OBJECT_ID</literal></term>
+			<listitem><para>The DER-encoded OID of the stapled certificate
+			extension. This is the exact contents of the extnID field in the
+			Extension sequence.</para></listitem>
 		</varlistentry>
 	</variablelist>
author	Stef Walter <stefw@redhat.com>	2013-07-04 16:01:41 +0200
committer	Stef Walter <stefw@redhat.com>	2013-07-04 16:01:41 +0200
commit	7a00596e68b5721dd3f400fe704189e9f1b9cb30 (patch)
tree	97383ee09acd0f2c17fc694d8e60811a45c40c8d
parent	789329de32859d2b230b5c912c4a25e9a1d4104b (diff)