On Tue, Sep 21, 2004, [EMAIL PROTECTED] wrote:
>
> Hello,
>
> With the current version of openssl when parsing the X.509 name
> (d2i_X509_NAME), a problem occurs when there is a PostalAddress
> sequence within the X.509 name. Below you have the openssl error traces
> during the parsing.
>
> 1808:error:0D07808C:asn1 encoding routines:ASN1_ITEM_EX_D2I:mstring
> wrong tag:tasn_dec.c:188:Type=ASN1_PRINTABLE
> 1808:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1
> error:tasn_dec.c:566:Field=value, Type=X509_NAME_ENTRY
> 1808:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1
> error:tasn_dec.c:542:
> 1808:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1
> error:tasn_dec.c:542:
>
> PostalAddress is defined as follows:
>
> id-at-postalAddress AttributeType ::= { id-at 16 }
> PostalAddress ::= SEQUENCE SIZE (1..6) OF DirectoryString
>
>
> X509 Entry is defined as:
>
> ASN1_SEQUENCE(X509_NAME_ENTRY) = {
> ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
> ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
> } ASN1_SEQUENCE_END(X509_NAME_ENTRY)
>
>
> Question:
>
> What must we do to get a correct parsing?
>
That's a tricky one. It's not easy to fix because the structure (which has been
around since SSLeay days) assumes a string type. A quick solution is to allow
the V_ASN1_SEQUENCE type in there too but it won't be displayed properly and
can't be prompted for in the standard utilities.
Can you send me a sample certificate including PostalAddress?
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
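
The mismatch discussed in this thread, as an added example (not code from the original messages or from OpenSSL): a minimal DER walker that reports the first Name attribute whose value is not a string type, which is what a PostalAddress SEQUENCE looks like to a string-typed value field. The function names, the accepted tag set (the five DirectoryString choices) and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Read one DER header from p[0..n); returns header size, or 0 if malformed/truncated. */
static size_t tlv(const unsigned char *p, size_t n, unsigned char *tag, size_t *len) {
    if (n < 2) return 0;
    *tag = p[0];
    size_t h = 2, l = p[1];
    if (l & 0x80) {                         /* long form: accept 1 or 2 length bytes */
        size_t k = l & 0x7f;
        if (k < 1 || k > 2 || n < 2 + k) return 0;
        for (l = 0, h = 2 + k; k; k--) l = (l << 8) | p[h - k];
    }
    if (l > n - h) return 0;                /* content must fit in the buffer */
    *len = l;
    return h;
}

/* Assumption: "string type" = UTF8, Printable, Teletex, Universal, BMP (DirectoryString). */
static int is_directory_string(unsigned char t) {
    return t == 12 || t == 19 || t == 20 || t == 28 || t == 30;
}

/* Index of the first attribute whose value is not a string; -1 if none; -2 if malformed. */
int first_nonstring_attr(const unsigned char *p, size_t n) {
    unsigned char tag; size_t len, h; int idx = 0;
    if (!(h = tlv(p, n, &tag, &len)) || tag != 0x30) return -2;      /* Name */
    p += h; n = len;
    while (n) {                                                      /* each RDN (SET) */
        if (!(h = tlv(p, n, &tag, &len)) || tag != 0x31) return -2;
        const unsigned char *s = p + h; size_t sn = len;
        p += h + len; n -= h + len;
        while (sn) {                                                 /* each type/value pair */
            if (!(h = tlv(s, sn, &tag, &len)) || tag != 0x30) return -2;
            const unsigned char *a = s + h; size_t an = len;
            s += h + len; sn -= h + len;
            if (!(h = tlv(a, an, &tag, &len)) || tag != 0x06) return -2;  /* type OID */
            a += h + len; an -= h + len;
            if (!(h = tlv(a, an, &tag, &len))) return -2;            /* value header */
            if (!is_directory_string(tag)) return idx;               /* e.g. 0x30 SEQUENCE */
            idx++;
        }
    }
    return -1;
}

/* Constructed sample: CN="a", then 2.5.4.16 (postalAddress) = SEQUENCE { PrintableString "b" } */
const unsigned char SAMPLE_NAME[] = {
    0x30,0x1A, 0x31,0x0A,0x30,0x08,0x06,0x03,0x55,0x04,0x03,0x13,0x01,0x61,
    0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x10,0x30,0x03,0x13,0x01,0x62 };

int main(void) { printf("%d\n", first_nonstring_attr(SAMPLE_NAME, sizeof SAMPLE_NAME)); return 0; }
```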