On Thu, Jun 01, 2006, Remo Inverardi wrote: > According to comments in the OpenSSL code, some broken implementations > create certificate requests with missing attributes in the X509_REQ_INFO > structure. I am currently in a situation where I have to deal with such > invalid requests. > > There are workarounds in the OpenSSL code to handle such conditions. > Currently, when creating X509_REQ_INFO structures, the 'attributes' > member is autmatically updated using the rinf_cb() callback in x_req.c. > > Would it make sense to do the same when an X509_REQ_INFO structure is > *loaded*? Please comment on the attached patch. >
That change may not do what you are expecting which you probably shouldn't be doing anyway :-) It wont change the encoding if you call i2d() on it because of internal caching of the received encoding: you'd have to mark the cached encoding invalid first. If you do change the encoding that will break the signature. The only case it would cover is where an application wrongly assumes that the field must be non-NULL. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
