Hi all,
While porting some code across from RHEL6 (openssl-1.0.1e-42) to RHEL7
(openssl-1.0.2k-16), I am getting the failure below where previously the code
worked.
The code creates an X509_REQ, populates it, and then passes this to a module.
Before passing it to the module, the structure is canonicalised by passing it
through i2d_X509_REQ() and then d2i_X509_REQ() on the other side.
On RHEL7, d2i_X509_REQ fails as follows:
[root@localhost ~]# openssl req -in req.bin -inform der
unable to load X509 request
139903756527504:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid
object encoding:a_object.c:287:
139903756527504:error:0D08303A:asn1 encoding
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1
error:tasn_dec.c:720:Field=algorithm, Type=X509_ALGOR
139903756527504:error:0D08303A:asn1 encoding
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1
error:tasn_dec.c:720:Field=sig_alg, Type=X509_REQ
The failure occurs in the openssl code here:
424 for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
(gdb)
427 seqtt = asn1_do_adb(pval, tt, 1);
(gdb)
428 if (seqtt == NULL)
(gdb)
427 seqtt = asn1_do_adb(pval, tt, 1);
(gdb)
428 if (seqtt == NULL)
(gdb)
430 pseqval = asn1_get_field_ptr(pval, seqtt);
(gdb)
432 if (!len)
(gdb)
430 pseqval = asn1_get_field_ptr(pval, seqtt);
(gdb)
432 if (!len)
(gdb)
435 if (asn1_check_eoc(&p, len)) {
(gdb)
434 q = p;
(gdb)
435 if (asn1_check_eoc(&p, len)) {
(gdb)
451 if (i == (it->tcount - 1))
(gdb)
459 ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt,
ctx,
(gdb)
461 if (!ret) {
[————error here————]
(gdb)
520 if (combine == 0)
(gdb)
521 ASN1_item_ex_free(pval, it);
(gdb)
522 if (errtt)
(gdb)
523 ERR_add_error_data(4, "Field=", errtt->field_name,
(gdb)
527 return 0;
(gdb)
528 }
The CSR can be found here: http://www.sharp.fm/req.bin
Would it be possible to confirm what is wrong with this request?
Regards,
Graham
—
