Bo Sehlberg wrote:
>
> I am trying to convert a CRL from DER to PEM, using openSSL
> 0.9.4-SNAP-19990906:
>
> openssl crl -text -inform DER -outform PEM -text -in test.crl
>
> but fails with the following error:
> ............
> unable to load CRL
> 25061:error:0D0A4008:asn1 encoding routines:d2i_X509_CRL_INFO:asn1
> length mismatch:x_crl.c:208:address=1705212 offset=111
> 25061:error:0D0A3004:asn1 encoding routines:d2i_X509_CRL:nested asn1
> error:x_crl.c:234:address=1705208 offset=4
> ............
> I can dump the file using 'openssl asn1parse' without any problem.
>
Ugh. The CRL is invalid because it contains extensions but is only
marked as V1. PKIX says that a CRL with extensions MUST be V2. OpenSSL
doesn't try to parse extensions if the version isn't v2 with the
problems you mention.
I'll check in a workaround soon. However if you just comment out the:
if (ver >= 1)
test at line 193 of crypto/asn1/x_crl.c then you might be OK.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
