1 files changed, 191 insertions, 20 deletions
diff --git a/src/lib/libcrypto/objects/objects.txt b/src/lib/libcrypto/objects/objects.txt
index 3d443cf884..65d0b15629 100644
--- a/src/lib/libcrypto/objects/objects.txt
+++ b/src/lib/libcrypto/objects/objects.txt
@@ -1,7 +1,15 @@
+0                       : CCITT                 : ccitt
 1                       : ISO                   : iso
+2                       : JOINT-ISO-CCITT       : joint-iso-ccitt
 iso 2                   : member-body           : ISO Member Body
+joint-iso-ccitt 5 1 5   : selected-attribute-types      : Selected Attribute Types
+selected-attribute-types 55     : clearance
 member-body 840         : ISO-US                : ISO US Member Body
 ISO-US 10040            : X9-57                 : X9.57
 X9-57 4                 : X9cm                  : X9.57 CM ?
@@ -10,6 +18,32 @@ X9-57 4			: X9cm			: X9.57 CM ?
 X9cm 1                  : DSA                   : dsaEncryption
 X9cm 3                  : DSA-SHA1              : dsaWithSHA1
+ISO-US 10045            : ansi-X9-62            : ANSI X9.62
+!module X9-62
+!Alias id-fieldType ansi-X9-62 1
+X9-62_id-fieldType 1            : prime-field
+X9-62_id-fieldType 2            : characteristic-two-field
+# ... characteristic-two-field OID subtree
+!Alias id-publicKeyType ansi-X9-62 2
+X9-62_id-publicKeyType 1        : id-ecPublicKey
+!Alias ellipticCurve ansi-X9-62 3
+!Alias c-TwoCurve X9-62_ellipticCurve 0
+# ... characteristic 2 curve OIDs
+!Alias primeCurve X9-62_ellipticCurve 1
+X9-62_primeCurve 1              : prime192v1
+X9-62_primeCurve 2              : prime192v2
+X9-62_primeCurve 3              : prime192v3
+X9-62_primeCurve 4              : prime239v1
+X9-62_primeCurve 5              : prime239v2
+X9-62_primeCurve 6              : prime239v3
+X9-62_primeCurve 7              : prime256v1
+!Alias id-ecSigType ansi-X9-62 4
+!global
+X9-62_id-ecSigType 1            : ecdsa-with-SHA1
 ISO-US 113533 7 66 10   : CAST5-CBC             : cast5-cbc
                        : CAST5-ECB             : cast5-ecb
 !Cname cast5-cfb64
@@ -26,6 +60,7 @@ rsadsi 1		: pkcs			: RSA Data Security, Inc. PKCS
 pkcs 1                  : pkcs1
 pkcs1 1                 :                       : rsaEncryption
 pkcs1 2                 : RSA-MD2               : md2WithRSAEncryption
+pkcs1 3                 : RSA-MD4               : md4WithRSAEncryption
 pkcs1 4                 : RSA-MD5               : md5WithRSAEncryption
 pkcs1 5                 : RSA-SHA1              : sha1WithRSAEncryption
@@ -61,7 +96,7 @@ pkcs7 6			:			: pkcs7-encryptedData
 pkcs 9                  : pkcs9
 !module pkcs9
-pkcs9 1                 : Email                 : emailAddress
+pkcs9 1                 :                       : emailAddress
 pkcs9 2                 :                       : unstructuredName
 pkcs9 3                 :                       : contentType
 pkcs9 4                 :                       : messageDigest
@@ -173,6 +208,8 @@ id-smime-cti 6		: id-smime-cti-ets-proofOfCreation
 pkcs9 20                :                       : friendlyName
 pkcs9 21                :                       : localKeyID
+!Cname ms-csp-name
+1 3 6 1 4 1 311 17 1    : CSPName               : Microsoft CSP Name
 !Alias certTypes pkcs9 22
 certTypes 1             :                       : x509Certificate
 certTypes 2             :                       : sdsiCertificate
@@ -302,6 +339,9 @@ id-pe 6			: aaControls
 id-pe 7                 : sbqp-ipAddrBlock
 id-pe 8                 : sbqp-autonomousSysNum
 id-pe 9                 : sbqp-routerIdentifier
+id-pe 10                : ac-proxying
+!Cname sinfo-access
+id-pe 11                : subjectInfoAccess     : Subject Information Access
 # PKIX policyQualifiers for Internet policy qualifiers
 id-qt 1                 : id-qt-cps             : Policy Qualifier CPS
@@ -396,17 +436,18 @@ id-on 1			: id-on-personalData
 # personal data attributes
 id-pda 1                : id-pda-dateOfBirth
 id-pda 2                : id-pda-placeOfBirth
-id-pda 3                : id-pda-pseudonym
+id-pda 3                : id-pda-gender
-id-pda 4                : id-pda-gender
+id-pda 4                : id-pda-countryOfCitizenship
-id-pda 5                : id-pda-countryOfCitizenship
+id-pda 5                : id-pda-countryOfResidence
-id-pda 6                : id-pda-countryOfResidence
 # attribute certificate attributes
 id-aca 1                : id-aca-authenticationInfo
 id-aca 2                : id-aca-accessIdentity
 id-aca 3                : id-aca-chargingIdentity
 id-aca 4                : id-aca-group
+# attention : the following seems to be obsolete, replace by 'role'
 id-aca 5                : id-aca-role
+id-aca 6                : id-aca-encAttrs
 # qualified certificate statements
 id-qcs 1                : id-qcs-pkixQCSyntax-v1
@@ -434,7 +475,7 @@ id-pkix-OCSP 1		: basicOCSPResponse	: Basic OCSP Response
 id-pkix-OCSP 2          : Nonce                 : OCSP Nonce
 id-pkix-OCSP 3          : CrlID                 : OCSP CRL ID
 id-pkix-OCSP 4          : acceptableResponses   : Acceptable OCSP Responses
-id-pkix-OCSP 5          : noCheck
+id-pkix-OCSP 5          : noCheck               : OCSP No Check
 id-pkix-OCSP 6          : archiveCutoff         : OCSP Archive Cutoff
 id-pkix-OCSP 7          : serviceLocator        : OCSP Service Locator
 id-pkix-OCSP 8          : extendedStatus        : Extended OCSP Status
@@ -456,7 +497,9 @@ algorithm 11		: rsaSignature
 algorithm 12            : DSA-old               : dsaEncryption-old
 algorithm 13            : DSA-SHA               : dsaWithSHA
 algorithm 15            : RSA-SHA               : shaWithRSAEncryption
+!Cname des-ede-ecb
 algorithm 17            : DES-EDE               : des-ede
+!Cname des-ede3-ecb
                        : DES-EDE3              : des-ede3
                        : DES-EDE-CBC           : des-ede-cbc
 !Cname des-ede-cfb64
@@ -484,20 +527,22 @@ algorithm 29		: RSA-SHA1-2		: sha1WithRSA
 X500 4                  : X509
 X509 3                  : CN                    : commonName
-X509 4                  : S                     : surname
+X509 4                  : SN                    : surname
-X509 5                  : SN                    : serialNumber
+X509 5                  :                       : serialNumber
 X509 6                  : C                     : countryName
 X509 7                  : L                     : localityName
 X509 8                  : ST                    : stateOrProvinceName
 X509 10                 : O                     : organizationName
 X509 11                 : OU                    : organizationalUnitName
-X509 12                 : T                     : title
+X509 12                 :                       : title
-X509 13                 : D                     : description
+X509 13                 :                       : description
 X509 41                 : name                  : name
-X509 42                 : G                     : givenName
+X509 42                 : gn                    : givenName
-X509 43                 : I                     : initials
+X509 43                 :                       : initials
-X509 45                 : UID                   : uniqueIdentifier
+X509 44                 :                       : generationQualifier
+X509 45                 :                       : x500UniqueIdentifier
 X509 46                 : dnQualifier           : dnQualifier
+X509 72                 : role                  : role
 X500 8                  : X500algorithms        : directory services - algorithms
 X500algorithms 1 1      : RSA                   : rsa
@@ -531,8 +576,14 @@ id-ce 31		: crlDistributionPoints	: X509v3 CRL Distribution Points
 id-ce 32                : certificatePolicies   : X509v3 Certificate Policies
 !Cname authority-key-identifier
 id-ce 35                : authorityKeyIdentifier : X509v3 Authority Key Identifier
+!Cname policy-constraints
+id-ce 36                : policyConstraints     : X509v3 Policy Constraints
 !Cname ext-key-usage
 id-ce 37                : extendedKeyUsage      : X509v3 Extended Key Usage
+!Cname target-information
+id-ce 55                : targetInformation     : X509v3 AC Targeting
+!Cname no-rev-avail
+id-ce 56                : noRevAvail            : X509v3 No Revocation Available
 !Cname netscape
 2 16 840 1 113730       : Netscape              : Netscape Communications Corp.
@@ -573,17 +624,24 @@ internet 3		: experimental		: Experimental
 internet 4              : private               : Private
 internet 5              : security              : Security
 internet 6              : snmpv2                : SNMPv2
-internet 7              : mail                  : Mail
+# Documents refer to "internet 7" as "mail". This however leads to ambiguities
+# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
+# rfc822Mailbox. The short name is therefore here left out for a reason.
+# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as
+# references are realized via long name "Mail" (with capital M).
+internet 7              :                       : Mail
-private 1               : enterprises           : Enterprises
+Private 1               : enterprises           : Enterprises
 # RFC 2247
-enterprises 1466 344    : dcobject              : dcObject
+Enterprises 1466 344    : dcobject              : dcObject
-# Stray OIDs we don't know the full name of each step for
+# RFC 1495
-# RFC 2247
+Mail 1                  : mime-mhs              : MIME MHS
-0 9 2342 19200300 100 1 25 : DC                 : domainComponent
+mime-mhs 1              : mime-mhs-headings     : mime-mhs-headings
-0 9 2342 19200300 100 4 13 : domain             : Domain
+mime-mhs 2              : mime-mhs-bodies       : mime-mhs-bodies
+mime-mhs-headings 1     : id-hex-partial-message : id-hex-partial-message
+mime-mhs-headings 2     : id-hex-multipart-message : id-hex-multipart-message
 # What the hell are these OIDs, really?
 !Cname rle-compression
@@ -591,3 +649,116 @@ enterprises 1466 344	: dcobject		: dcObject
 !Cname zlib-compression
 1 1 1 1 666 2           : ZLIB                  : zlib compression
+# AES aka Rijndael
+!Alias csor 2 16 840 1 101 3
+!Alias nistAlgorithms csor 4
+!Alias aes nistAlgorithms 1
+aes 1                   : AES-128-ECB           : aes-128-ecb
+aes 2                   : AES-128-CBC           : aes-128-cbc
+!Cname aes-128-ofb128
+aes 3                   : AES-128-OFB           : aes-128-ofb
+!Cname aes-128-cfb128
+aes 4                   : AES-128-CFB           : aes-128-cfb
+aes 21                  : AES-192-ECB           : aes-192-ecb
+aes 22                  : AES-192-CBC           : aes-192-cbc
+!Cname aes-192-ofb128
+aes 23                  : AES-192-OFB           : aes-192-ofb
+!Cname aes-192-cfb128
+aes 24                  : AES-192-CFB           : aes-192-cfb
+aes 41                  : AES-256-ECB           : aes-256-ecb
+aes 42                  : AES-256-CBC           : aes-256-cbc
+!Cname aes-256-ofb128
+aes 43                  : AES-256-OFB           : aes-256-ofb
+!Cname aes-256-cfb128
+aes 44                  : AES-256-CFB           : aes-256-cfb
+# Hold instruction CRL entry extension
+!Cname hold-instruction-code
+id-ce 23                : holdInstructionCode   : Hold Instruction Code
+!Alias holdInstruction  X9-57 2
+!Cname hold-instruction-none
+holdInstruction 1       : holdInstructionNone   : Hold Instruction None
+!Cname hold-instruction-call-issuer
+holdInstruction 2       : holdInstructionCallIssuer : Hold Instruction Call Issuer
+!Cname hold-instruction-reject
+holdInstruction 3       : holdInstructionReject : Hold Instruction Reject
+# OID's from CCITT.  Most of this is defined in RFC 1274.  A couple of
+# them are also mentioned in RFC 2247
+ccitt 9                 : data
+data 2342               : pss
+pss 19200300            : ucl
+ucl 100                 : pilot
+pilot 1                 :                       : pilotAttributeType
+pilot 3                 :                       : pilotAttributeSyntax
+pilot 4                 :                       : pilotObjectClass
+pilot 10                :                       : pilotGroups
+pilotAttributeSyntax 4  :                       : iA5StringSyntax
+pilotAttributeSyntax 5  :                       : caseIgnoreIA5StringSyntax
+pilotObjectClass 3      :                       : pilotObject
+pilotObjectClass 4      :                       : pilotPerson
+pilotObjectClass 5      : account
+pilotObjectClass 6      : document
+pilotObjectClass 7      : room
+pilotObjectClass 9      :                       : documentSeries
+pilotObjectClass 13     : domain                : Domain
+pilotObjectClass 14     :                       : rFC822localPart
+pilotObjectClass 15     :                       : dNSDomain
+pilotObjectClass 17     :                       : domainRelatedObject
+pilotObjectClass 18     :                       : friendlyCountry
+pilotObjectClass 19     :                       : simpleSecurityObject
+pilotObjectClass 20     :                       : pilotOrganization
+pilotObjectClass 21     :                       : pilotDSA
+pilotObjectClass 22     :                       : qualityLabelledData
+pilotAttributeType 1    : UID                   : userId
+pilotAttributeType 2    :                       : textEncodedORAddress
+pilotAttributeType 3    : mail                  : rfc822Mailbox
+pilotAttributeType 4    : info
+pilotAttributeType 5    :                       : favouriteDrink
+pilotAttributeType 6    :                       : roomNumber
+pilotAttributeType 7    : photo
+pilotAttributeType 8    :                       : userClass
+pilotAttributeType 9    : host
+pilotAttributeType 10   : manager
+pilotAttributeType 11   :                       : documentIdentifier
+pilotAttributeType 12   :                       : documentTitle
+pilotAttributeType 13   :                       : documentVersion
+pilotAttributeType 14   :                       : documentAuthor
+pilotAttributeType 15   :                       : documentLocation
+pilotAttributeType 20   :                       : homeTelephoneNumber
+pilotAttributeType 21   : secretary
+pilotAttributeType 22   :                       : otherMailbox
+pilotAttributeType 23   :                       : lastModifiedTime
+pilotAttributeType 24   :                       : lastModifiedBy
+pilotAttributeType 25   : DC                    : domainComponent
+pilotAttributeType 26   :                       : aRecord
+pilotAttributeType 27   :                       : pilotAttributeType27
+pilotAttributeType 28   :                       : mXRecord
+pilotAttributeType 29   :                       : nSRecord
+pilotAttributeType 30   :                       : sOARecord
+pilotAttributeType 31   :                       : cNAMERecord
+pilotAttributeType 37   :                       : associatedDomain
+pilotAttributeType 38   :                       : associatedName
+pilotAttributeType 39   :                       : homePostalAddress
+pilotAttributeType 40   :                       : personalTitle
+pilotAttributeType 41   :                       : mobileTelephoneNumber
+pilotAttributeType 42   :                       : pagerTelephoneNumber
+pilotAttributeType 43   :                       : friendlyCountryName
+# The following clashes with 2.5.4.45, so commented away
+#pilotAttributeType 44  : uid                   : uniqueIdentifier
+pilotAttributeType 45   :                       : organizationalStatus
+pilotAttributeType 46   :                       : janetMailbox
+pilotAttributeType 47   :                       : mailPreferenceOption
+pilotAttributeType 48   :                       : buildingName
+pilotAttributeType 49   :                       : dSAQuality
+pilotAttributeType 50   :                       : singleLevelQuality
+pilotAttributeType 51   :                       : subtreeMinimumQuality
+pilotAttributeType 52   :                       : subtreeMaximumQuality
+pilotAttributeType 53   :                       : personalSignature
+pilotAttributeType 54   :                       : dITRedirect
+pilotAttributeType 55   : audio
+pilotAttributeType 56   :                       : documentPublisher

diff --git a/src/lib/libcrypto/objects/objects.txt b/src/lib/libcrypto/objects/objects.txt index 3d443cf884..65d0b15629 100644 --- a/src/lib/libcrypto/objects/objects.txt +++ b/src/lib/libcrypto/objects/objects.txt
@@ -1,7 +1,15 @@
		1	0 : CCITT : ccitt
		2
1	1 : ISO : iso	3	1 : ISO : iso
2		4
		5	2 : JOINT-ISO-CCITT : joint-iso-ccitt
		6
3	iso 2 : member-body : ISO Member Body	7	iso 2 : member-body : ISO Member Body
4		8
		9	joint-iso-ccitt 5 1 5 : selected-attribute-types : Selected Attribute Types
		10
		11	selected-attribute-types 55 : clearance
		12
5	member-body 840 : ISO-US : ISO US Member Body	13	member-body 840 : ISO-US : ISO US Member Body
6	ISO-US 10040 : X9-57 : X9.57	14	ISO-US 10040 : X9-57 : X9.57
7	X9-57 4 : X9cm : X9.57 CM ?	15	X9-57 4 : X9cm : X9.57 CM ?
@@ -10,6 +18,32 @@ X9-57 4 : X9cm : X9.57 CM ?
10	X9cm 1 : DSA : dsaEncryption	18	X9cm 1 : DSA : dsaEncryption
11	X9cm 3 : DSA-SHA1 : dsaWithSHA1	19	X9cm 3 : DSA-SHA1 : dsaWithSHA1
12		20
		21
		22	ISO-US 10045 : ansi-X9-62 : ANSI X9.62
		23	!module X9-62
		24	!Alias id-fieldType ansi-X9-62 1
		25	X9-62_id-fieldType 1 : prime-field
		26	X9-62_id-fieldType 2 : characteristic-two-field
		27	# ... characteristic-two-field OID subtree
		28	!Alias id-publicKeyType ansi-X9-62 2
		29	X9-62_id-publicKeyType 1 : id-ecPublicKey
		30	!Alias ellipticCurve ansi-X9-62 3
		31	!Alias c-TwoCurve X9-62_ellipticCurve 0
		32	# ... characteristic 2 curve OIDs
		33	!Alias primeCurve X9-62_ellipticCurve 1
		34	X9-62_primeCurve 1 : prime192v1
		35	X9-62_primeCurve 2 : prime192v2
		36	X9-62_primeCurve 3 : prime192v3
		37	X9-62_primeCurve 4 : prime239v1
		38	X9-62_primeCurve 5 : prime239v2
		39	X9-62_primeCurve 6 : prime239v3
		40	X9-62_primeCurve 7 : prime256v1
		41	!Alias id-ecSigType ansi-X9-62 4
		42	!global
		43	X9-62_id-ecSigType 1 : ecdsa-with-SHA1
		44
		45
		46
13	ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc	47	ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc
14	: CAST5-ECB : cast5-ecb	48	: CAST5-ECB : cast5-ecb
15	!Cname cast5-cfb64	49	!Cname cast5-cfb64
@@ -26,6 +60,7 @@ rsadsi 1 : pkcs : RSA Data Security, Inc. PKCS
26	pkcs 1 : pkcs1	60	pkcs 1 : pkcs1
27	pkcs1 1 : : rsaEncryption	61	pkcs1 1 : : rsaEncryption
28	pkcs1 2 : RSA-MD2 : md2WithRSAEncryption	62	pkcs1 2 : RSA-MD2 : md2WithRSAEncryption
		63	pkcs1 3 : RSA-MD4 : md4WithRSAEncryption
29	pkcs1 4 : RSA-MD5 : md5WithRSAEncryption	64	pkcs1 4 : RSA-MD5 : md5WithRSAEncryption
30	pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption	65	pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption
31		66
@@ -61,7 +96,7 @@ pkcs7 6 : : pkcs7-encryptedData
61		96
62	pkcs 9 : pkcs9	97	pkcs 9 : pkcs9
63	!module pkcs9	98	!module pkcs9
64	pkcs9 1 : Email : emailAddress	99	pkcs9 1 : : emailAddress
65	pkcs9 2 : : unstructuredName	100	pkcs9 2 : : unstructuredName
66	pkcs9 3 : : contentType	101	pkcs9 3 : : contentType
67	pkcs9 4 : : messageDigest	102	pkcs9 4 : : messageDigest
@@ -173,6 +208,8 @@ id-smime-cti 6 : id-smime-cti-ets-proofOfCreation
173		208
174	pkcs9 20 : : friendlyName	209	pkcs9 20 : : friendlyName
175	pkcs9 21 : : localKeyID	210	pkcs9 21 : : localKeyID
		211	!Cname ms-csp-name
		212	1 3 6 1 4 1 311 17 1 : CSPName : Microsoft CSP Name
176	!Alias certTypes pkcs9 22	213	!Alias certTypes pkcs9 22
177	certTypes 1 : : x509Certificate	214	certTypes 1 : : x509Certificate
178	certTypes 2 : : sdsiCertificate	215	certTypes 2 : : sdsiCertificate
@@ -302,6 +339,9 @@ id-pe 6 : aaControls
302	id-pe 7 : sbqp-ipAddrBlock	339	id-pe 7 : sbqp-ipAddrBlock
303	id-pe 8 : sbqp-autonomousSysNum	340	id-pe 8 : sbqp-autonomousSysNum
304	id-pe 9 : sbqp-routerIdentifier	341	id-pe 9 : sbqp-routerIdentifier
		342	id-pe 10 : ac-proxying
		343	!Cname sinfo-access
		344	id-pe 11 : subjectInfoAccess : Subject Information Access
305		345
306	# PKIX policyQualifiers for Internet policy qualifiers	346	# PKIX policyQualifiers for Internet policy qualifiers
307	id-qt 1 : id-qt-cps : Policy Qualifier CPS	347	id-qt 1 : id-qt-cps : Policy Qualifier CPS
@@ -396,17 +436,18 @@ id-on 1 : id-on-personalData
396	# personal data attributes	436	# personal data attributes
397	id-pda 1 : id-pda-dateOfBirth	437	id-pda 1 : id-pda-dateOfBirth
398	id-pda 2 : id-pda-placeOfBirth	438	id-pda 2 : id-pda-placeOfBirth
399	id-pda 3 : id-pda-pseudonym	439	id-pda 3 : id-pda-gender
400	id-pda 4 : id-pda-gender	440	id-pda 4 : id-pda-countryOfCitizenship
401	id-pda 5 : id-pda-countryOfCitizenship	441	id-pda 5 : id-pda-countryOfResidence
402	id-pda 6 : id-pda-countryOfResidence
403		442
404	# attribute certificate attributes	443	# attribute certificate attributes
405	id-aca 1 : id-aca-authenticationInfo	444	id-aca 1 : id-aca-authenticationInfo
406	id-aca 2 : id-aca-accessIdentity	445	id-aca 2 : id-aca-accessIdentity
407	id-aca 3 : id-aca-chargingIdentity	446	id-aca 3 : id-aca-chargingIdentity
408	id-aca 4 : id-aca-group	447	id-aca 4 : id-aca-group
		448	# attention : the following seems to be obsolete, replace by 'role'
409	id-aca 5 : id-aca-role	449	id-aca 5 : id-aca-role
		450	id-aca 6 : id-aca-encAttrs
410		451
411	# qualified certificate statements	452	# qualified certificate statements
412	id-qcs 1 : id-qcs-pkixQCSyntax-v1	453	id-qcs 1 : id-qcs-pkixQCSyntax-v1
@@ -434,7 +475,7 @@ id-pkix-OCSP 1 : basicOCSPResponse : Basic OCSP Response
434	id-pkix-OCSP 2 : Nonce : OCSP Nonce	475	id-pkix-OCSP 2 : Nonce : OCSP Nonce
435	id-pkix-OCSP 3 : CrlID : OCSP CRL ID	476	id-pkix-OCSP 3 : CrlID : OCSP CRL ID
436	id-pkix-OCSP 4 : acceptableResponses : Acceptable OCSP Responses	477	id-pkix-OCSP 4 : acceptableResponses : Acceptable OCSP Responses
437	id-pkix-OCSP 5 : noCheck	478	id-pkix-OCSP 5 : noCheck : OCSP No Check
438	id-pkix-OCSP 6 : archiveCutoff : OCSP Archive Cutoff	479	id-pkix-OCSP 6 : archiveCutoff : OCSP Archive Cutoff
439	id-pkix-OCSP 7 : serviceLocator : OCSP Service Locator	480	id-pkix-OCSP 7 : serviceLocator : OCSP Service Locator
440	id-pkix-OCSP 8 : extendedStatus : Extended OCSP Status	481	id-pkix-OCSP 8 : extendedStatus : Extended OCSP Status
@@ -456,7 +497,9 @@ algorithm 11 : rsaSignature
456	algorithm 12 : DSA-old : dsaEncryption-old	497	algorithm 12 : DSA-old : dsaEncryption-old
457	algorithm 13 : DSA-SHA : dsaWithSHA	498	algorithm 13 : DSA-SHA : dsaWithSHA
458	algorithm 15 : RSA-SHA : shaWithRSAEncryption	499	algorithm 15 : RSA-SHA : shaWithRSAEncryption
		500	!Cname des-ede-ecb
459	algorithm 17 : DES-EDE : des-ede	501	algorithm 17 : DES-EDE : des-ede
		502	!Cname des-ede3-ecb
460	: DES-EDE3 : des-ede3	503	: DES-EDE3 : des-ede3
461	: DES-EDE-CBC : des-ede-cbc	504	: DES-EDE-CBC : des-ede-cbc
462	!Cname des-ede-cfb64	505	!Cname des-ede-cfb64
@@ -484,20 +527,22 @@ algorithm 29 : RSA-SHA1-2 : sha1WithRSA
484		527
485	X500 4 : X509	528	X500 4 : X509
486	X509 3 : CN : commonName	529	X509 3 : CN : commonName
487	X509 4 : S : surname	530	X509 4 : SN : surname
488	X509 5 : SN : serialNumber	531	X509 5 : : serialNumber
489	X509 6 : C : countryName	532	X509 6 : C : countryName
490	X509 7 : L : localityName	533	X509 7 : L : localityName
491	X509 8 : ST : stateOrProvinceName	534	X509 8 : ST : stateOrProvinceName
492	X509 10 : O : organizationName	535	X509 10 : O : organizationName
493	X509 11 : OU : organizationalUnitName	536	X509 11 : OU : organizationalUnitName
494	X509 12 : T : title	537	X509 12 : : title
495	X509 13 : D : description	538	X509 13 : : description
496	X509 41 : name : name	539	X509 41 : name : name
497	X509 42 : G : givenName	540	X509 42 : gn : givenName
498	X509 43 : I : initials	541	X509 43 : : initials
499	X509 45 : UID : uniqueIdentifier	542	X509 44 : : generationQualifier
		543	X509 45 : : x500UniqueIdentifier
500	X509 46 : dnQualifier : dnQualifier	544	X509 46 : dnQualifier : dnQualifier
		545	X509 72 : role : role
501		546
502	X500 8 : X500algorithms : directory services - algorithms	547	X500 8 : X500algorithms : directory services - algorithms
503	X500algorithms 1 1 : RSA : rsa	548	X500algorithms 1 1 : RSA : rsa
@@ -531,8 +576,14 @@ id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points
531	id-ce 32 : certificatePolicies : X509v3 Certificate Policies	576	id-ce 32 : certificatePolicies : X509v3 Certificate Policies
532	!Cname authority-key-identifier	577	!Cname authority-key-identifier
533	id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier	578	id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier
		579	!Cname policy-constraints
		580	id-ce 36 : policyConstraints : X509v3 Policy Constraints
534	!Cname ext-key-usage	581	!Cname ext-key-usage
535	id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage	582	id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage
		583	!Cname target-information
		584	id-ce 55 : targetInformation : X509v3 AC Targeting
		585	!Cname no-rev-avail
		586	id-ce 56 : noRevAvail : X509v3 No Revocation Available
536		587
537	!Cname netscape	588	!Cname netscape
538	2 16 840 1 113730 : Netscape : Netscape Communications Corp.	589	2 16 840 1 113730 : Netscape : Netscape Communications Corp.
@@ -573,17 +624,24 @@ internet 3 : experimental : Experimental
573	internet 4 : private : Private	624	internet 4 : private : Private
574	internet 5 : security : Security	625	internet 5 : security : Security
575	internet 6 : snmpv2 : SNMPv2	626	internet 6 : snmpv2 : SNMPv2
576	internet 7 : mail : Mail	627	# Documents refer to "internet 7" as "mail". This however leads to ambiguities
		628	# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
		629	# rfc822Mailbox. The short name is therefore here left out for a reason.
		630	# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as
		631	# references are realized via long name "Mail" (with capital M).
		632	internet 7 : : Mail
577		633
578	private 1 : enterprises : Enterprises	634	Private 1 : enterprises : Enterprises
579		635
580	# RFC 2247	636	# RFC 2247
581	enterprises 1466 344 : dcobject : dcObject	637	Enterprises 1466 344 : dcobject : dcObject
582		638
583	# Stray OIDs we don't know the full name of each step for	639	# RFC 1495
584	# RFC 2247	640	Mail 1 : mime-mhs : MIME MHS
585	0 9 2342 19200300 100 1 25 : DC : domainComponent	641	mime-mhs 1 : mime-mhs-headings : mime-mhs-headings
586	0 9 2342 19200300 100 4 13 : domain : Domain	642	mime-mhs 2 : mime-mhs-bodies : mime-mhs-bodies
		643	mime-mhs-headings 1 : id-hex-partial-message : id-hex-partial-message
		644	mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message
587		645
588	# What the hell are these OIDs, really?	646	# What the hell are these OIDs, really?
589	!Cname rle-compression	647	!Cname rle-compression
@@ -591,3 +649,116 @@ enterprises 1466 344 : dcobject : dcObject
591	!Cname zlib-compression	649	!Cname zlib-compression
592	1 1 1 1 666 2 : ZLIB : zlib compression	650	1 1 1 1 666 2 : ZLIB : zlib compression
593		651
		652	# AES aka Rijndael
		653
		654	!Alias csor 2 16 840 1 101 3
		655	!Alias nistAlgorithms csor 4
		656	!Alias aes nistAlgorithms 1
		657
		658	aes 1 : AES-128-ECB : aes-128-ecb
		659	aes 2 : AES-128-CBC : aes-128-cbc
		660	!Cname aes-128-ofb128
		661	aes 3 : AES-128-OFB : aes-128-ofb
		662	!Cname aes-128-cfb128
		663	aes 4 : AES-128-CFB : aes-128-cfb
		664
		665	aes 21 : AES-192-ECB : aes-192-ecb
		666	aes 22 : AES-192-CBC : aes-192-cbc
		667	!Cname aes-192-ofb128
		668	aes 23 : AES-192-OFB : aes-192-ofb
		669	!Cname aes-192-cfb128
		670	aes 24 : AES-192-CFB : aes-192-cfb
		671
		672	aes 41 : AES-256-ECB : aes-256-ecb
		673	aes 42 : AES-256-CBC : aes-256-cbc
		674	!Cname aes-256-ofb128
		675	aes 43 : AES-256-OFB : aes-256-ofb
		676	!Cname aes-256-cfb128
		677	aes 44 : AES-256-CFB : aes-256-cfb
		678
		679	# Hold instruction CRL entry extension
		680	!Cname hold-instruction-code
		681	id-ce 23 : holdInstructionCode : Hold Instruction Code
		682	!Alias holdInstruction X9-57 2
		683	!Cname hold-instruction-none
		684	holdInstruction 1 : holdInstructionNone : Hold Instruction None
		685	!Cname hold-instruction-call-issuer
		686	holdInstruction 2 : holdInstructionCallIssuer : Hold Instruction Call Issuer
		687	!Cname hold-instruction-reject
		688	holdInstruction 3 : holdInstructionReject : Hold Instruction Reject
		689
		690	# OID's from CCITT. Most of this is defined in RFC 1274. A couple of
		691	# them are also mentioned in RFC 2247
		692	ccitt 9 : data
		693	data 2342 : pss
		694	pss 19200300 : ucl
		695	ucl 100 : pilot
		696	pilot 1 : : pilotAttributeType
		697	pilot 3 : : pilotAttributeSyntax
		698	pilot 4 : : pilotObjectClass
		699	pilot 10 : : pilotGroups
		700	pilotAttributeSyntax 4 : : iA5StringSyntax
		701	pilotAttributeSyntax 5 : : caseIgnoreIA5StringSyntax
		702	pilotObjectClass 3 : : pilotObject
		703	pilotObjectClass 4 : : pilotPerson
		704	pilotObjectClass 5 : account
		705	pilotObjectClass 6 : document
		706	pilotObjectClass 7 : room
		707	pilotObjectClass 9 : : documentSeries
		708	pilotObjectClass 13 : domain : Domain
		709	pilotObjectClass 14 : : rFC822localPart
		710	pilotObjectClass 15 : : dNSDomain
		711	pilotObjectClass 17 : : domainRelatedObject
		712	pilotObjectClass 18 : : friendlyCountry
		713	pilotObjectClass 19 : : simpleSecurityObject
		714	pilotObjectClass 20 : : pilotOrganization
		715	pilotObjectClass 21 : : pilotDSA
		716	pilotObjectClass 22 : : qualityLabelledData
		717	pilotAttributeType 1 : UID : userId
		718	pilotAttributeType 2 : : textEncodedORAddress
		719	pilotAttributeType 3 : mail : rfc822Mailbox
		720	pilotAttributeType 4 : info
		721	pilotAttributeType 5 : : favouriteDrink
		722	pilotAttributeType 6 : : roomNumber
		723	pilotAttributeType 7 : photo
		724	pilotAttributeType 8 : : userClass
		725	pilotAttributeType 9 : host
		726	pilotAttributeType 10 : manager
		727	pilotAttributeType 11 : : documentIdentifier
		728	pilotAttributeType 12 : : documentTitle
		729	pilotAttributeType 13 : : documentVersion
		730	pilotAttributeType 14 : : documentAuthor
		731	pilotAttributeType 15 : : documentLocation
		732	pilotAttributeType 20 : : homeTelephoneNumber
		733	pilotAttributeType 21 : secretary
		734	pilotAttributeType 22 : : otherMailbox
		735	pilotAttributeType 23 : : lastModifiedTime
		736	pilotAttributeType 24 : : lastModifiedBy
		737	pilotAttributeType 25 : DC : domainComponent
		738	pilotAttributeType 26 : : aRecord
		739	pilotAttributeType 27 : : pilotAttributeType27
		740	pilotAttributeType 28 : : mXRecord
		741	pilotAttributeType 29 : : nSRecord
		742	pilotAttributeType 30 : : sOARecord
		743	pilotAttributeType 31 : : cNAMERecord
		744	pilotAttributeType 37 : : associatedDomain
		745	pilotAttributeType 38 : : associatedName
		746	pilotAttributeType 39 : : homePostalAddress
		747	pilotAttributeType 40 : : personalTitle
		748	pilotAttributeType 41 : : mobileTelephoneNumber
		749	pilotAttributeType 42 : : pagerTelephoneNumber
		750	pilotAttributeType 43 : : friendlyCountryName
		751	# The following clashes with 2.5.4.45, so commented away
		752	#pilotAttributeType 44 : uid : uniqueIdentifier
		753	pilotAttributeType 45 : : organizationalStatus
		754	pilotAttributeType 46 : : janetMailbox
		755	pilotAttributeType 47 : : mailPreferenceOption
		756	pilotAttributeType 48 : : buildingName
		757	pilotAttributeType 49 : : dSAQuality
		758	pilotAttributeType 50 : : singleLevelQuality
		759	pilotAttributeType 51 : : subtreeMinimumQuality
		760	pilotAttributeType 52 : : subtreeMaximumQuality
		761	pilotAttributeType 53 : : personalSignature
		762	pilotAttributeType 54 : : dITRedirect
		763	pilotAttributeType 55 : audio
		764	pilotAttributeType 56 : : documentPublisher