On Thu, 2003-07-31 at 15:25, Dr. Stephen Henson wrote:
> On Thu, Jul 31, 2003, Samuel Meder wrote:
>
> > I'm currently working on updating our code to work with 0.9.7 and am
> > hitting a few snags:
> >
> > * Handling of critical extensions has changed (no big deal, just needed
> > to make our code tell openssl to ignore critical extensions)
> >
> > * I know get a core dump when trying to print a extension written
> > against the ASN1 code in 0.9.6 (extension is described in
> > http://www.ietf.org/internet-drafts/draft-ietf-pkix-proxy-07.txt). The
> > same code works fine with 0.9.6. A stack trace from the dump:
> >
> > #0 0x40131060 in ASN1_item_ex_d2i (pval=0xbfffefac, in=0xbffff008, len=14,
> > it=0x40056aeb, tag=-1, aclass=0, opt=0 '\0', ctx=0xbfffefb0)
> > at tasn_dec.c:148
> > 148 if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
> > (gdb) where
> > #0 0x40131060 in ASN1_item_ex_d2i (pval=0xbfffefac, in=0xbffff008, len=14,
> > it=0x40056aeb, tag=-1, aclass=0, opt=0 '\0', ctx=0xbfffefb0)
> > at tasn_dec.c:148
> > #1 0x40130fc8 in ASN1_item_d2i (pval=0xbfffefac, in=0xbffff008, len=14,
> > it=0x40056aeb) at tasn_dec.c:115
> > #2 0x40149b2a in X509V3_EXT_print (out=0x805d368, ext=0x805c9e8, flag=0,
> > indent=12) at v3_prn.c:119
> > #3 0x40149e07 in X509V3_extensions_print (bp=0x805d368,
> > title=0x4018c08b "X509v3 extensions", exts=0x805c4f8, flag=0, indent=12)
> > at v3_prn.c:187
> > #4 0x4012cbb4 in X509_print_ex (bp=0x805d368, x=0x805b2f0, nmflags=0, cflag=0)
> > at t_x509.c:238
> > #5 0x4012c53b in X509_print_ex_fp (fp=0x402ecc40, x=0x805b2f0, nmflag=0,
> > cflag=0) at t_x509.c:90
> > #6 0x4012c4ba in X509_print_fp (fp=0x402ecc40, x=0x805b2f0) at t_x509.c:76
> > #7 0x08049f9f in main (argc=2, argv=0xbffffa04) at grid_proxy_info.c:522
> >
> > Any ideas?
> >
>
> Hard to tell without seeing your code. What extension does it implement?
It implements
ProxyCertInfoExtension ::= SEQUENCE {
pCPathLenConstraint ProxyCertPathLengthConstraint
OPTIONAL,
proxyPolicy ProxyPolicy }
ProxyCertPathLengthConstraint ::= INTEGER
ProxyPolicy ::= SEQUENCE {
policyLanguage OBJECT IDENTIFIER,
policy OCTET STRING OPTIONAL }
> 0.9.6 ASN1 code should work with 0.9.7 but that hasn't been extensively
> tested. The old ASN1 did some horrible things which was one reason why it was
> replaced.
>
> The X509V3_EXT structure has a new ASN1_ITEM field in it. Make sure that is
> set to NULL.
Ahh, that fixed it. Many thanks.
> You might try converting the ASN1 module to 0.9.7 standard, that should be
> fairly painless (see the examples all over the new code).
I will eventually. Just wanted to get things to work quickly.
> > Another question I have is whether there is a official end-of-life date for 0.9.6?
> >
>
> Only bug fixes will be committed to 0.9.6 and then only fairly critical ones.
> It will still be supported (for some value of "supported") for a while yet
> though but any new code is strongly advised to use 0.9.7.
Ok.
Thanks for the help.
/Sam
> Steve.
> --
> Dr Stephen N. Henson.
> Core developer of the OpenSSL project: http://www.openssl.org/
> Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
> Email: [EMAIL PROTECTED], PGP key: via homepage.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
