Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Object Identifiers — Oid

The obj module provides [Oid][native_ossl::obj::Oid], an owned wrapper around an OpenSSL ASN1_OBJECT* that supports arbitrary OID comparison regardless of NID registration.

Why Oid instead of NID functions?

[nid_from_text][native_ossl::x509::nid_from_text] only recognises OIDs that are registered in OpenSSL’s built-in NID table. For OIDs outside that table — such as vendor-specific or application-specific extensions — it returns None.

Oid::from_text calls OBJ_txt2obj instead, which creates an ASN1_OBJECT for any well-formed dotted decimal OID string, whether or not OpenSSL knows its short name. Two Oid values are compared by structural equality of their ASN.1 DER encoding via OBJ_cmp.

Creating an Oid

#![allow(unused)]
fn main() {
use native_ossl::obj::Oid;

// From a registered short name
let sha256 = Oid::from_text("sha256").unwrap();
println!("{sha256}");  // "2.16.840.1.101.3.4.2.1"

// From a dotted decimal OID — works for unregistered OIDs too
let pkinit_san = Oid::from_text("1.3.6.1.5.2.2").unwrap();
println!("{pkinit_san}");  // "1.3.6.1.5.2.2"
}

Comparing OIDs

#![allow(unused)]
fn main() {
let a = Oid::from_text("2.5.4.3").unwrap();  // commonName
let b = Oid::from_text("2.5.4.3").unwrap();
assert_eq!(a, b);

let c = Oid::from_text("2.5.4.6").unwrap();  // countryName
assert_ne!(a, c);
}

NID lookup

For OIDs that are in OpenSSL’s NID table, [Oid::nid] returns the registered NID. For unregistered OIDs it returns 0 (NID_undef).

#![allow(unused)]
fn main() {
let oid = Oid::from_text("sha256").unwrap();
let nid = oid.nid();
assert_ne!(nid, 0);
}

Display format

Display always produces dotted decimal notation, even for registered OIDs. Use the NID functions from [x509][native_ossl::x509] if you need short or long name strings.