This is going to sound rather stupid of me, but I'm going to ask this anyway:
is there any possible potential DER-encoded message which will begin with the string "-----BEGIN X509 CRL-----"? If there isn't, might I possibly suggest that requiring DER in this location and manner will do absolutely nothing to heighten security, and will only make it that much more difficult to figure out what a given bunch of data is supposed to be? Why is Firefox insisting on a specific encoding of the data, rather than being flexible to alternate, unconfusable, common encodings? Yes, it's base64-encoded DER. OpenSSL can handle them (granted, with the '-inform PEM' option) without issue. -Kyle H On Wed, Feb 25, 2009 at 10:39 AM, <kathleen95...@yahoo.com> wrote: > I apologize for the confusion. I was mentally mistaking the error code > ffffe009 for fffe095. > > In regards to the CRLS > http://fedir.comsign.co.il/crl/ComSignCA.crl > http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl > > I have just tried the two CRL’s again, and see that the error is > indeed ffffe009 which corresponds to error code -8183 which would be > “Security library: improperly formatted DER-encoded message.” As per > http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html > > The likely issue is that the CRLs are encoded PEM and need to be > changed to DER. > > Kathleen > > > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto