Hi all,

I've been using the openssl-SNAP-20010126 and I found this strange
behaviour - possible bug(?) - in crl generation/parsing.

Let me know if this has been fixed in current SNAPs...

Using the "ca -gencrl" command I issued the attached CRL, and when
trying to load it ( openssl crl <13299_crl.tmp ) I get these error
messages:

unable to load CRL
13321:error:0D06809C:asn1 encoding routines:ASN1_CHECK_TLEN:too long:tasn_dec.c:882:
13321:error:0D078004:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:144:Type=ASN1_TIME
13321:error:0D083004:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1 error:tasn_dec.c:533:Field=revocationDate, Type=X509_REVOKED
13321:error:0D083004:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1 error:tasn_dec.c:509:Field=revoked, Type=X509_CRL_INFO
13321:error:0D083004:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1 error:tasn_dec.c:533:Field=crl, Type=X509_CRL
13321:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:290:

This CRL contains data of only one revoked certificate (serial: 04 ).

The strange thing is that if I issue a crl without any revoked certificate
everything seems to be fine. Here I report the asn1parse results:

    0:d=0  hl=4 l= 445 cons: SEQUENCE          
    4:d=1  hl=3 l= 166 cons: SEQUENCE          
    7:d=2  hl=2 l=  13 cons: SEQUENCE          
    9:d=3  hl=2 l=   9 prim: OBJECT            :md5WithRSAEncryption
   20:d=3  hl=2 l=   0 prim: NULL              
   22:d=2  hl=2 l=  97 cons: SEQUENCE          
   24:d=3  hl=2 l=  31 cons: SET               
   26:d=4  hl=2 l=  29 cons: SEQUENCE          
   28:d=5  hl=2 l=   9 prim: OBJECT            :emailAddress
   39:d=5  hl=2 l=  16 prim: IA5STRING         :[EMAIL PROTECTED]
   57:d=3  hl=2 l=  32 cons: SET               
   59:d=4  hl=2 l=  30 cons: SEQUENCE          
   61:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   66:d=5  hl=2 l=  23 prim: PRINTABLESTRING   :Certification Authority
   91:d=3  hl=2 l=  15 cons: SET               
   93:d=4  hl=2 l=  13 cons: SEQUENCE          
   95:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
  100:d=5  hl=2 l=   6 prim: PRINTABLESTRING   :mpcNET
  108:d=3  hl=2 l=  11 cons: SET               
  110:d=4  hl=2 l=   9 cons: SEQUENCE          
  112:d=5  hl=2 l=   3 prim: OBJECT            :countryName
  117:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :IT
  121:d=2  hl=2 l=  13 prim: UTCTIME           :010209201117Z
  136:d=2  hl=2 l=  13 prim: UTCTIME           :010216201117Z
  151:d=2  hl=2 l=  20 cons: SEQUENCE          
  153:d=3  hl=2 l=  18 cons: SEQUENCE          
  155:d=4  hl=2 l=   1 prim: INTEGER           :04
  158:d=4  hl=3 l=  48 prim: <ASN1 13>         
  209:d=1  hl=2 l= 103 cons: cont [ 15 ]       
  211:d=2  hl=11 l=495159753 cons: appl [ 2 ]        
length is greater than 92


C'you,

        Massimiliano Pala ([EMAIL PROTECTED])
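
The "too long" error from ASN1_CHECK_TLEN in the trace above is raised when an element's header declares more bytes than its enclosing structure has left. As an added example (not part of the original message and not OpenSSL's code), this Python checker walks DER and reports such overruns; the sample bytes are constructed to mirror the header values shown at offset 158 of the dump (tag 13, hl=3, l=48 inside an 18-byte entry) and are not taken from the attached CRL.

```python
# Added example: DER walker that flags any element whose declared length
# overruns its enclosing structure. Sample bytes below are constructed.

def read_header(buf, off, end):
    """Return (tag_number, constructed, header_len, content_len) at off."""
    start = off
    try:
        first = buf[off]; off += 1
        tag = first & 0x1F
        if tag == 0x1F:                      # high-tag-number form
            tag = 0
            while True:
                b = buf[off]; off += 1
                tag = (tag << 7) | (b & 0x7F)
                if not b & 0x80:
                    break
        lb = buf[off]; off += 1
        if lb < 0x80:                        # short-form length
            length = lb
        else:                                # long form: next n bytes
            n = lb & 0x7F
            if n == 0 or off + n > end:
                raise ValueError("indefinite or truncated length")
            length = int.from_bytes(buf[off:off + n], "big"); off += n
    except IndexError:
        raise ValueError("truncated header at offset %d" % start)
    return tag, bool(first & 0x20), off - start, length

def check(buf, off=0, end=None, depth=0, findings=None):
    """Collect elements that claim more bytes than their parent has left."""
    end = len(buf) if end is None else end
    findings = [] if findings is None else findings
    while off < end:
        tag, cons, hl, ln = read_header(buf, off, end)
        if off + hl + ln > end:              # the "too long" condition
            findings.append({"offset": off, "depth": depth, "tag": tag,
                             "hl": hl, "len": ln, "avail": end - off - hl})
            return findings                  # cannot resync inside this parent
        if cons:
            check(buf, off + hl, off + hl + ln, depth + 1, findings)
        off += hl + ln
    return findings

# Constructed revokedCertificates list: one entry { INTEGER 04, time }.
GOOD = bytes.fromhex("30143012020104170d") + b"010209201117Z"
# Same sizes, but the time header reads as tag 13, hl=3, l=48.
BAD = bytes.fromhex("301430120201040d8130") + bytes(12)
```

Running `check()` over the DER bytes of a rejected CRL gives the offset and nesting depth of the first element that does not fit, which can be compared with the `asn1parse` offsets.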