Following up to my last post, as promised. I wrote:
>
> Dr S N Henson wrote:
>>
>> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>> >
>> > serialNumber is NOT DER encoded. It contains the serial number as found
>> > in the certificate for which you're searching. This number is stored in
>> > big-endian (most significant byte first) order, with no leading zero bytes.
>> >
>>
>> Hmmm. Can it distinguish between positive and negative serial numbers?
>
> Hmmm. Good question. I may be wrong about the leading zeros.

Indeed, the correct answer is, with no _extra_ leading 00 or FF bytes.
IOW, it's exactly the DER encoded representation, minus the type and
length bytes.

There may be a bug in the function we were discussing in NSS as it is on
the tip, but I believe it will be fixed before NSS 3.4 is released.

--
Nelson Bolyard               Netscape
Disclaimer: I speak for myself, not for Netscape
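
Added example, not part of the original message and not NSS code: a Python sketch of the byte form described above, i.e. the content octets of a DER INTEGER (minimal big-endian two's complement, no extra leading 00 or FF). All function names and the sample values are hypothetical and constructed for illustration.

```python
def content_octets(value: int) -> bytes:
    """Minimal big-endian two's-complement bytes of value (DER INTEGER content)."""
    # Bits needed for the magnitude, plus one sign bit, rounded up to whole bytes.
    bits = value.bit_length() if value >= 0 else (~value).bit_length()
    return value.to_bytes(bits // 8 + 1, "big", signed=True)


def is_redundant_lead(raw: bytes) -> bool:
    """True if the first byte is an *extra* 00 or FF that DER forbids."""
    return len(raw) > 1 and (
        (raw[0] == 0x00 and raw[1] < 0x80) or (raw[0] == 0xFF and raw[1] >= 0x80)
    )


def normalize(raw: bytes) -> bytes:
    """Drop extra sign-padding bytes so a search key matches the stored form."""
    while is_redundant_lead(raw):
        raw = raw[1:]
    return raw


def strip_der_header(der: bytes) -> bytes:
    """Return the content octets of a DER INTEGER, rejecting non-minimal input."""
    if len(der) < 3 or der[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    length, offset = der[1], 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or len(der) < 2 + count:
            raise ValueError("bad length field")
        length, offset = int.from_bytes(der[2:2 + count], "big"), 2 + count
    content = der[offset:]
    if len(content) != length or length == 0 or is_redundant_lead(content):
        raise ValueError("length mismatch or non-minimal INTEGER")
    return content


if __name__ == "__main__":
    # Constructed sample serial numbers, chosen around the sign-bit boundary.
    for serial in (0, 127, 128, 255, -1, -128, -129):
        raw = content_octets(serial)
        back = int.from_bytes(raw, "big", signed=True)
        print(f"{serial:5d} -> {raw.hex()} -> {back}")
```

The leading 00 on 128 and 255 is what keeps them distinct from -128 and -1, which is why stripping every leading zero byte would lose the sign.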
