I believe there is an X509_NAME_ENTRY_set_data() bug in 0.9.5 that is
triggered by X509_NAME_ENTRY_create_by_NID() when called with
'type' set to V_ASN1_APP_CHOOSE.
Here's the diff between 0.9.4 and 0.9.5 for X509_NAME_ENTRY_set_data():
int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
unsigned char *bytes, int len)
{
int i;
if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
+ if(type & MBSTRING_FLAG)
+ return ASN1_STRING_set_by_NID(&ne->value, bytes,
+ len, type,
+ OBJ_obj2nid(ne->object)) ? 1 : 0;
if (len < 0) len=strlen((char *)bytes);
i=ASN1_STRING_set(ne->value,bytes,len);
if (!i) return(0);
[snip]
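Review bot: The added `type & MBSTRING_FLAG` test does not exclude negative values of 'type', so any negative sentinel with bit 0x1000 set in its two's-complement form (V_ASN1_APP_CHOOSE, -2, is one) takes the new early return and is handed to ASN1_STRING_set_by_NID() as if it were an input format. Consider guarding the test, for example `if (type > 0 && (type & MBSTRING_FLAG))`, so that such values fall through to the existing ASN1_STRING_set() path. The early return also sits above `if (len < 0) len=strlen((char *)bytes);`, so a negative 'len' reaches ASN1_STRING_set_by_NID() unnormalised; it is worth confirming that the callee handles that case.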
However, when X509_NAME_ENTRY_create_by_NID() is called with 'type'
set to V_ASN1_APP_CHOOSE (which has the value -2), 'type' in
X509_NAME_ENTRY_set_data() is -2. Of course, since -2 is 0xfffffffe
and MBSTRING_FLAG is 0x1000, the comparison 'type & MBSTRING_FLAG'
evaluates to true and ASN1_STRING_set_by_NID() is called.
When ASN1_STRING_set_by_NID() calls ASN1_mbstring_copy(), 'inform'
is 'type' (still -2), but ASN1_mbstring_copy() expects 'inform'
to be one of the MBSTRING types (0x1001 .. 0x1004). Thus, the
following error is thrown in ASN1_mbstring_ncopy():
ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_UNKNOWN_FORMAT);
brian
[EMAIL PROTECTED] (play)
[EMAIL PROTECTED] (work)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
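
The flag test discussed in this message, modelled as a stand-alone C program (an added example, not code from the message or from OpenSSL). The constants are the values quoted in the message; `inform_is_known`, `is_mbstring_guarded` and `route_for` are hypothetical names, and the `type > 0` guard is one possible correction assumed here for illustration.

```c
#include <stdio.h>

/* Values as quoted in the message above. */
#define V_ASN1_APP_CHOOSE  (-2)
#define MBSTRING_FLAG      0x1000
/* Range the message gives for valid MBSTRING input formats. */
#define MBSTRING_MIN       0x1001
#define MBSTRING_MAX       0x1004

enum route { ROUTE_RAW_COPY, ROUTE_MBSTRING, ROUTE_MBSTRING_REJECTED };

/* Model of the 'inform' validation: only known MBSTRING formats pass. */
static int inform_is_known(int inform)
{
    return inform >= MBSTRING_MIN && inform <= MBSTRING_MAX;
}

/* Flag test as written in the hunk: matches any value with bit 0x1000
 * set, including negative sentinels such as -2 (0xfffffffe). */
static int is_mbstring_as_patched(int type)
{
    return (type & MBSTRING_FLAG) != 0;
}

/* Hypothetical guard (assumption): negative sentinels are never formats. */
static int is_mbstring_guarded(int type)
{
    return type > 0 && (type & MBSTRING_FLAG) != 0;
}

/* Which path a given 'type' takes under the chosen flag test. */
static enum route route_for(int type, int (*is_mbstring)(int))
{
    if (!is_mbstring(type))
        return ROUTE_RAW_COPY;
    return inform_is_known(type) ? ROUTE_MBSTRING : ROUTE_MBSTRING_REJECTED;
}

int main(void)
{
    static const char *names[] = { "raw copy", "mbstring", "mbstring, unknown format" };
    /* Constructed samples: the sentinel, a small positive tag, a valid format. */
    int samples[] = { V_ASN1_APP_CHOOSE, 19, 0x1001 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("type=%#x  as patched: %-26s guarded: %s\n", (unsigned)samples[i],
               names[route_for(samples[i], is_mbstring_as_patched)],
               names[route_for(samples[i], is_mbstring_guarded)]);
    return 0;
}
```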