Hi folks,

With changeset 4375 a new bug was introduced, which breaks applications looking up certificates by serial number, for example Mozilla Thunderbird. One consequence of this is that at the moment it is impossible to read encrypted emails with the named email client using ope...@head. The reason behind this is that opensc uses the wrong tag in the DER encoded serial number. It should be INTEGER in place of OCTET_STRING. A working fix is attached to this message.

See discussion here:
http://www.opensc-project.org/pipermail/opensc-devel/2010-May/014264.html

And search for CertificateSerialNumber there:
http://www.ietf.org/rfc/rfc5280.txt

Regards,
Andre Zepezauer
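
The tag mismatch described in the message, as an added example that is not part of the original post or of OpenSC's code. It wraps the same serial content octets under both tags and shows that only the INTEGER encoding matches what a caller derives from RFC 5280's CertificateSerialNumber; the byte-for-byte comparison rule, the function names and the sample serial are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define TAG_INTEGER      0x02  /* universal tag for INTEGER */
#define TAG_OCTET_STRING 0x04  /* universal tag for OCTET STRING */

/* Wrap content octets in a DER TLV with the given tag (hypothetical helper).
 * Handles lengths 1..255; returns the encoded length, or 0 on error. */
size_t der_wrap(unsigned char tag, const unsigned char *val, size_t len,
                unsigned char *out, size_t outlen)
{
    size_t hdr = (len < 0x80) ? 2 : 3;   /* short or one-byte long form */

    if (len == 0 || len > 0xFF || hdr + len > outlen)
        return 0;
    out[0] = tag;
    if (hdr == 2) {
        out[1] = (unsigned char)len;
    } else {
        out[1] = 0x81;
        out[2] = (unsigned char)len;
    }
    memcpy(out + hdr, val, len);
    return hdr + len;
}

/* Assumed lookup rule: the caller's serial matches only if it is
 * byte-for-byte identical to the stored DER encoding. */
int serial_matches(const unsigned char *stored, size_t slen,
                   const unsigned char *wanted, size_t wlen)
{
    return slen == wlen && memcmp(stored, wanted, slen) == 0;
}

int main(void)
{
    const unsigned char serial[] = { 0x01, 0x23, 0x45, 0x67 }; /* constructed */
    unsigned char want[16], oct[16], integ[16];
    size_t wl = der_wrap(TAG_INTEGER, serial, sizeof serial, want, sizeof want);
    size_t ol = der_wrap(TAG_OCTET_STRING, serial, sizeof serial, oct, sizeof oct);
    size_t il = der_wrap(TAG_INTEGER, serial, sizeof serial, integ, sizeof integ);

    printf("stored as OCTET STRING: %s\n",
           serial_matches(oct, ol, want, wl) ? "match" : "no match");
    printf("stored as INTEGER:      %s\n",
           serial_matches(integ, il, want, wl) ? "match" : "no match");
    return 0;
}
```

The two encodings differ only in the first byte (0x04 versus 0x02), which is enough to make an exact-match lookup fail.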

Index: libopensc/pkcs15-cert.c
===================================================================
--- libopensc/pkcs15-cert.c     (revision 4403)
+++ libopensc/pkcs15-cert.c     (working copy)
@@ -79,7 +79,7 @@
                { NULL, 0, 0, 0, NULL, NULL }
        };
        struct sc_asn1_entry asn1_serial_number[] = {
-               { "serialNumber", SC_ASN1_OCTET_STRING, 
SC_ASN1_TAG_OCTET_STRING, SC_ASN1_ALLOC, NULL, NULL },
+               { "serialNumber", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_INTEGER, 
SC_ASN1_ALLOC, NULL, NULL },
                { NULL, 0, 0, 0, NULL, NULL }
        };
        const u8 *obj;
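
Review bot: the new serialNumber entry in asn1_serial_number[] keeps the type SC_ASN1_OCTET_STRING while switching the tag to SC_ASN1_TAG_INTEGER, and with no comment that pairing reads like an oversight. If the type is kept on purpose, a one-line comment above the array saying so, and that the tag has to be INTEGER to match CertificateSerialNumber in RFC 5280, would stop a later cleanup from "fixing" it back. Separately, both the removed and the added line are wrapped onto a second line in this inline copy, so it will not apply as shown; the attached version should be used.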
