Jean-Marc Desperrier wrote:
>
> Hi,
>
> pkcs#7 DER structures generated by openssl have two header in
> BER (infinite length) for the two sequence at the very start of the
> encoding.
>
> Is there a good reason for that ?
> I have a tool that 's annoyed by this BER encoding and I think it should
> not be too difficult to patch p7_lib.c so that DER encoding with a
> limited length is used instead, but I'd like to know if there is a
> reason for the choice of BER encoding here.
>
Try OpenSSL 0.9.6: this has already been done.
The original reason was to support the use of indefinite length encoding
of the content and not having to keep the structure all in memory but
this can't really be done properly with the current ASN1 code. As such
it served no purpose so it's been removed for now.
BTW if your tool doesn't like it then it broken, there's nothing illegal
about this form.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
