Nit: redundant leading 00 (or FF) in an INTEGER is VALID *B*ER
but INVALID *D*ER. And signed things like certs are *D*ER
for exactly this reason, so a reconstructed encoding is
bit for bit identical and hashes and signatures etc. work.
BER is already 'distinguished concerning the content
Today, 29 Aug 2010, Mounir IDRASSI wrote:
[...]
Specifically, Peter Gutmann in his X.509 Style Guide says this about this
field: If you're writing certificate-handling code, just treat the
serial number as a blob which happens to be an encoded integer.
This is the kind of advice that
Greetings
I have another problem with certificate verification. I get the same
error as always with a testing CA we created... we have issued a
certificate signed by this CA but we get the same error:
*error 20 at 0 depth lookup:unable to get local issuer certificate*
After checking if
Today, 30 Aug 2010, Tomás Tormo wrote:
[...]
[amsterdam:/morralla/ttormo/ACIndenova]# openssl x509 -in acindenova.cer
-text
[...]
Not Before: Dec 8 08:31:12 2006 GMT
Not After : Dec 5 08:41:12 2016 GMT
[...]
[amsterdam:/test]# openssl x509 -in
On Mon, Aug 30, 2010, Tomás Tormo wrote:
Finally, I checked the Authority Key Identifier of the EE certificate but
it looks good to me...
[amsterdam:/test]# openssl x509 -in admesigna.cer -text
keyid:B2:D2:89:54:6C:14:8E:84:CC:F4:DA:26:6A:45:9C:27:A9:5C:02:CF
On Sun, 29. 08 2010. at 04:17 +0200, Mounir IDRASSI wrote:
After some digging, I found that part of the problem is caused by the
functions c2i_ASN1_INTEGER and d2i_ASN1_UINTEGER in file
crypto\asn1\a_int.c. At lines 244 and 314, there is an if block that
removes any leading zeros. Commenting
Today, 30 Aug 2010, Goran Rakic wrote:
[...]
I read the other messages in this thread, but I am not an expert in the
field so I do not know if openssl should add support for incorrect
serial numbers. In RFC 3280 there is a note about Non-conforming CAs
where section 4.1.2.2 Serial
Dave,
Thank you for the clarification on HTTP keep-alives.
I have just now fixed the bug. The source of the problem was an
SSL_read call on the client half of the proxy. This was triggering an error
SSL_ERROR_SYSCALL with a ret of zero. According to the documentation this
is normally
On Mon, Aug 30, 2010, Goran Rakic wrote:
On Sun, 29. 08 2010. at 04:17 +0200, Mounir IDRASSI wrote:
After some digging, I found that part of the problem is caused by the
functions c2i_ASN1_INTEGER and d2i_ASN1_UINTEGER in file
crypto\asn1\a_int.c. At lines 244 and 314, there is
On Mon, 30. 08 2010. at 20:38 +0200, Dr. Stephen Henson wrote:
I wouldn't advise changing the code in that way (FYI I wrote it). The normal
workaround in OpenSSL for broken encodings is to use the original encoding
by caching it. The attached three line patch adds this workaround for
Hi,
Sorry I made a mistake with question 3 due to my misunderstanding of
plaintext. It is actually the same question as question 1.
Actually I can control the TLS record size when calling SSL_write by
restricting the buffer size of each iteration. However, I couldn't control
the size in
On Mon, Aug 30, 2010, Goran Rakic wrote:
On Mon, 30. 08 2010. at 20:38 +0200, Dr. Stephen Henson wrote:
I wouldn't advise changing the code in that way (FYI I wrote it). The normal
workaround in OpenSSL for broken encodings is to use the original encoding
by caching it. The
12 matches