The encoding is invalid BER.
The openssl is tolerant but also destructive in copy.
whenever you use openssl x509 -in -out ... you remove one leading 0 octet.
IMHO openssl should reject the cert because of invalid encoding.
On 08/29/2010 04:17 AM, Mounir IDRASSI wrote:
Hi,
The problem you
Hi Peter,
Although the certificate's encoding of the serial number field breaks the
BER specification about the minimal bytes representation, it is known that
many CA's and libraries treat this field as a blob and usually encode it
on a fixed length basis without caring about leading zeros.
We're trying to generate self signed certs and don't seem to keep the
attributes after a csr is signed by a self generated CA via openssl (i.e.: OIDs
specified in openssl.cfg drop off the server cert after signed, thus creating a
V1 cert).
Here is an example of the syntax I'm using:
Hello,
We're trying to generate self signed certs and don't seem to keep the
attributes after a csr is signed by a self generated CA via openssl (i.e.: OIDs
specified in openssl.cfg drop off the server cert after signed, thus creating a
V1 cert).
Here is an example of the syntax I'm using:
On 08/29/2010 01:20 PM, Mounir IDRASSI wrote:
Hi Peter,
Although the certificate's encoding of the serial number field breaks the
BER specification about the minimal bytes representation, it is known that
many CA's and libraries treat this field as a blob and usually encode it
on a fixed length
On 08/29/2010 07:38 PM, Mounir IDRASSI wrote:
Hi Peter,
Thank you for your comments.
As I said, this kind of debates can be very heated and going down this
road don't lead usually to any results.
The debate may be whether and how something should be
done in openssl, I admit I had started
From: owner-openssl-us...@openssl.org On Behalf Of Sam Jantz
Sent: Friday, 27 August, 2010 18:16
I have a question concerning Keep-Alives. I'm writing a SSL
proxy
(which is working great except for this issue) and every time I
[POST about 470KB rather than about
From: owner-openssl-us...@openssl.org On Behalf Of Peter Sylvester
Sent: Sunday, 29 August, 2010 05:44
The encoding is invalid BER.
The openssl is tolerant but also destructive in copy.
whenever you use openssl x509 -in -out ... you remove one
leading 0 octet.
IMHO openssl should
From: owner-openssl-us...@openssl.org On Behalf Of Devin Ceartas
Sent: Friday, 27 August, 2010 16:21
To: openssl-users@openssl.org
Subject: Fallback certs
Is it possible to have a preferred certificate (say, one I created
myself and signed with my own root) and have connections to a web
From: owner-openssl-us...@openssl.org On Behalf Of Andy GOKTAS
Sent: Friday, 27 August, 2010 13:00
To: openssl-users@openssl.org
Subject: Need help with signing a csr with a openssl generated CA.
Hello,
We're trying to generate self signed certs and don't seem to
keep the attributes
10 matches
Mail list logo
