On Fri, Dec 06, 2002, Stefan Kotes wrote: > Mr. Henson, > I understand the reason for retaining this behavior, but there is one > problem with this approach. The OpenSSL library also becomes generator of > broken encoding, if these DEFAULT SEQUENCE components are populated with > default values. > It is kind of vicious cycle. The OpenSSL library is basically correctly DER > encoding the SEQUENCE structures only if these DEFAULT SEQUENCE components > with default values are missing (NULL). >
That's why the structures should be populated by wrapper functions which handle this case. For example X509_EXTENSION_set_critical(), though the set_version forms don't curently have this functionality. I suppose at some point in future an additional template 'interpreter' could be added to the new ASN1 code to handle field setting to default values automatically. Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
