On Tue, Jan 14, 2003, Paul Koster wrote: > Working on code to read/process and create x509 certificates I encountered > the following. > > The following code results in an ASN1_TIME structure with internal length > field > of 14 (date1->length =14). > date1 = ASN1_TIME_new(); > ASN1_GENERALIZEDTIME_set_string(date1, "20020819093712"); > > When extracting time out an existing certificate however with this date/time > would result in a length field of 15 (date2->length = 15). > ASN1_GENERALIZEDTIME *date2 = ASN1_TIME_to_generalizedtime > (X509_get_notBefore(cert), NULL); > > Consequently ASN1_STRING_cmp(date1, date2) fails, although the strings are > exactly the same, 14 characters that make up the date, followed by \0. > > Have I missed something or is there a bug somewhere?
Was this existing certificate created using OpenSSL? What does the time in this existing certificate look like? That is what length is reported by asn1parse on it. In particular does the certificate encoding include the trailing \0? Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
