I am unable to decode an authority key identifier extension containing a
directory name choice in a Microsoft-Certificate-Server-generated
certificate using OpenSSL's d2i_AUTHORITY_KEYID when d2i_GENERAL_NAMES is
asked to expect the class universal (i.e., V_ASN1_UNIVERSAL):

STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a,
                                          unsigned char **pp, long length)
{
    return d2i_ASN1_SET_OF_GENERAL_NAME(a, pp, length, d2i_GENERAL_NAME,
                                        GENERAL_NAME_free, V_ASN1_SEQUENCE,
                                        V_ASN1_UNIVERSAL);
}

The actual error occurs in d2i_ASN1_SET on line 170 of a_set.c.

If d2i_GENERAL_NAMES is changed to expect the class context-specific (i.e.,
V_ASN1_CONTEXT_SPECIFIC), everything works:

STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a,
                                          unsigned char **pp, long length)
{
    return d2i_ASN1_SET_OF_GENERAL_NAME(a, pp, length, d2i_GENERAL_NAME,
                                        GENERAL_NAME_free, V_ASN1_SEQUENCE,
                                        /* V_ASN1_UNIVERSAL */ V_ASN1_CONTEXT_SPECIFIC);
}

I believe the cause of the problem is:

1. the GeneralName CHOICE directoryName is a CHOICE (containing an
RDNSequence)
2. user-defined tags of elements of "type" CHOICE are explicit
3. by default, explicit tags are of class context-specific

Is this a bug?

Frank

P.S. The relevant ASN.1 is:

AuthorityKeyIdentifier ::= SEQUENCE {
      keyIdentifier             [0] KeyIdentifier            OPTIONAL,
      authorityCertIssuer       [1] GeneralNames             OPTIONAL,
      authorityCertSerialNumber [2] CertificateSerialNumber  OPTIONAL }

GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

GeneralName ::= CHOICE {
     otherName                       [0]     AnotherName,
     rfc822Name                      [1]     IA5String,
     dNSName                         [2]     IA5String,
     x400Address                     [3]     ORAddress,
     directoryName                   [4]     Name,
     ediPartyName                    [5]     EDIPartyName,
     uniformResourceIdentifier       [6]     IA5String,
     iPAddress                       [7]     OCTET STRING,
     registeredID                    [8]     OBJECT IDENTIFIER }

Name            ::=   CHOICE { -- only one possibility for now --
                                 rdnSequence  RDNSequence }
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
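An added example, not code from the post above or from OpenSSL: a small DER encoder and decoder for the AuthorityKeyIdentifier syntax quoted in the P.S., run over a hand-constructed value whose authorityCertIssuer is a directoryName. The module that defines this extension (PKIX1Implicit88 in RFC 5280) uses IMPLICIT TAGS, so "[1] GeneralNames" replaces the universal SEQUENCE OF tag with context-specific [1], while "[4] Name" is encoded EXPLICIT because Name is a CHOICE. The decoder can be told to insist on a universal SEQUENCE for GeneralNames (the behaviour of the unpatched d2i_GENERAL_NAMES above), to accept the context-specific tag (the patched version), or to rewrite the implicit [1] back to the universal tag it replaced before calling the strict decoder. All function names and the sample bytes are this example's own.

```python
# Added example (not from the original post or from OpenSSL): minimal DER
# handling for the AuthorityKeyIdentifier ASN.1 quoted in the P.S.
# Sample value is constructed by hand; function names are this example's own.

UNIVERSAL, CONTEXT_SPECIFIC = 0x00, 0x80
CONSTRUCTED = 0x20
SEQUENCE, SET, INTEGER, OCTET_STRING, OID, PRINTABLESTRING = 0x10, 0x11, 0x02, 0x04, 0x06, 0x13


def der_length(n):
    """DER definite-form length octets (short or long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(cls, number, content, constructed=False):
    """Encode one TLV with a low tag number (< 31)."""
    ident = cls | (CONSTRUCTED if constructed else 0) | number
    return bytes([ident]) + der_length(len(content)) + content


def read_tlv(buf, off=0):
    """Decode the TLV at buf[off:] -> (class, constructed, number, content, end)."""
    ident = buf[off]
    if ident & 0x1F == 0x1F:
        raise ValueError("high tag numbers not handled")
    off += 1
    length = buf[off]
    off += 1
    if length & 0x80:
        nbytes = length & 0x7F
        if not 1 <= nbytes <= 4:
            raise ValueError("bad length")
        length = int.from_bytes(buf[off:off + nbytes], "big")
        off += nbytes
    end = off + length
    if end > len(buf):
        raise ValueError("length overruns input")
    return ident & 0xC0, bool(ident & CONSTRUCTED), ident & 0x1F, buf[off:end], end


def build_sample_akid():
    """Constructed sample: AKID naming the issuer by directoryName CN=Test CA."""
    atv = tlv(UNIVERSAL, SEQUENCE,
              tlv(UNIVERSAL, OID, bytes([0x55, 0x04, 0x03]))      # id-at-commonName
              + tlv(UNIVERSAL, PRINTABLESTRING, b"Test CA"), constructed=True)
    rdn_sequence = tlv(UNIVERSAL, SEQUENCE, tlv(UNIVERSAL, SET, atv, True), True)
    # directoryName [4] Name: EXPLICIT (Name is a CHOICE), so the universal SEQUENCE survives inside [4].
    directory_name = tlv(CONTEXT_SPECIFIC, 4, rdn_sequence, constructed=True)
    # authorityCertIssuer [1] GeneralNames: IMPLICIT, so [1] replaces the SEQUENCE OF tag.
    issuer = tlv(CONTEXT_SPECIFIC, 1, directory_name, constructed=True)
    key_id = tlv(CONTEXT_SPECIFIC, 0, bytes(range(20)))        # [0] IMPLICIT OCTET STRING
    serial = tlv(CONTEXT_SPECIFIC, 2, b"\x01\x02\x03")         # [2] IMPLICIT INTEGER
    return tlv(UNIVERSAL, SEQUENCE, key_id + issuer + serial, constructed=True)


def decode_general_names(der, expect_class):
    """Decode GeneralNames, insisting the outer tag has class expect_class.
    UNIVERSAL mirrors the unpatched d2i_GENERAL_NAMES; CONTEXT_SPECIFIC the patched one."""
    cls, constructed, number, body, _ = read_tlv(der)
    if cls != expect_class or not constructed:
        raise ValueError("GeneralNames: wanted class %#x, got class %#x tag %d"
                         % (expect_class, cls, number))
    names, off = [], 0
    while off < len(body):
        cls, constructed, number, inner, off = read_tlv(body, off)
        if cls != CONTEXT_SPECIFIC:
            raise ValueError("GeneralName alternatives are context-specific tagged")
        if number == 4:
            # EXPLICIT tag: the [4] wrapper must contain a universal SEQUENCE (RDNSequence).
            icls, iconstr, inum, _, _ = read_tlv(inner)
            if (icls, iconstr, inum) != (UNIVERSAL, True, SEQUENCE):
                raise ValueError("directoryName: explicit SEQUENCE missing")
            names.append(("directoryName", inner))
        else:
            names.append((number, inner))
    return names


def retag_implicit(der, universal_number):
    """Rewrite an IMPLICIT context-specific tag to the universal tag it replaced
    (keeping the constructed bit), so a class-strict decoder can be reused."""
    return bytes([(der[0] & CONSTRUCTED) | universal_number]) + der[1:]


def decode_akid(der, expect_class=CONTEXT_SPECIFIC, retag=False):
    cls, constructed, number, body, _ = read_tlv(der)
    if (cls, constructed, number) != (UNIVERSAL, True, SEQUENCE):
        raise ValueError("AuthorityKeyIdentifier must be a SEQUENCE")
    out, off = {}, 0
    while off < len(body):
        cls, _, number, inner, end = read_tlv(body, off)
        if cls != CONTEXT_SPECIFIC:
            raise ValueError("unexpected member in AuthorityKeyIdentifier")
        if number == 0:
            out["keyIdentifier"] = inner
        elif number == 1:
            member = body[off:end]
            if retag:
                member = retag_implicit(member, SEQUENCE)
            out["authorityCertIssuer"] = decode_general_names(member, expect_class)
        elif number == 2:
            out["authorityCertSerialNumber"] = int.from_bytes(inner, "big", signed=True)
        off = end
    return out


def strict_universal_fails(der):
    """True when a decoder insisting on a universal SEQUENCE rejects the [1] member."""
    try:
        decode_akid(der, expect_class=UNIVERSAL)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    akid = build_sample_akid()
    print("strict universal decoder fails:", strict_universal_fails(akid))
    print(decode_akid(akid))                                     # accept context-specific [1]
    print(decode_akid(akid, expect_class=UNIVERSAL, retag=True))  # rewrite [1] -> SEQUENCE first
```

The retag path is the general technique for IMPLICIT-tagged members: the context-specific tag carries no type information of its own, so the decoder substitutes the universal tag of the underlying type and hands the bytes to the ordinary decoder, rather than loosening that decoder to accept any class. Note that the [4] directoryName still needs explicit handling in either path, since its wrapper is a real extra TLV around the RDNSequence.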