Hi,
I'm implementing an extension to OpenSSL which has to communicate with
a 3rd party software. Now I'm having problems parsing its answers
since it sends back a "GeneralName" choice, holding a "directoryName"
with a "RDNSequence" of zero length. I'm using
"openssl-SNAP-20070816", but as I understand there is no difference to
today's snapshot in relevant functions.
The following definitions of those ASN.1 structures are taken from RFC 3280:

   GeneralName ::= CHOICE {
        otherName                       [0]     AnotherName,
        rfc822Name                      [1]     IA5String,
        dNSName                         [2]     IA5String,
        x400Address                     [3]     ORAddress,
        directoryName                   [4]     Name,
        ediPartyName                    [5]     EDIPartyName,
        uniformResourceIdentifier       [6]     IA5String,
        iPAddress                       [7]     OCTET STRING,
        registeredID                    [8]     OBJECT IDENTIFIER }

   Name ::= CHOICE { -- only one possibility for now --
        rdnSequence  RDNSequence }

   RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

As hex, the GENERAL_NAME part of this message looks like "A4 02 30
00". A4 means "4th choice option", 02 is "length 2", 30 is "sequence
of" and 00 indicates that there are no content octets. If I'm trying
to d2i a message containing that, it fails with the following error:

16362:error:0D09E03A:lib(13):func(158):reason(58):x_name.c:228:
16362:error:0D08303A:lib(13):func(131):reason(58):tasn_dec.c:751:
16362:error:0D08403A:lib(13):func(132):reason(58):tasn_dec.c:580:
16362:error:0D07803A:lib(13):func(120):reason(58):tasn_dec.c:340:Field=d.directoryName, Type=GENERAL_NAME

If there is content in that "sequence of" it works without any problem.
When looking into the X.690 ASN.1 DER standard, I found in 8.10.2 "The
contents octets shall consist of zero, one or more...". So I guess
that it's allowed that there is *no* "RelativeDistinguishedName" entry
in a "RDNSequence".
Could it be that OpenSSL does not like this empty "sequence of"?
Best regards,
Martin
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List
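
The four octets quoted in the post, walked with a small stand-alone DER reader. This is an added example, not part of the original message and not OpenSSL code; the names der_read and der_count_children are hypothetical. It assumes low tag numbers (below 31) and definite lengths only.

```c
#include <stdint.h>
#include <stdio.h>

/* One DER element: class (0 universal, 2 context-specific), constructed bit,
 * tag number, and the content octets (len may legitimately be 0). */
struct tlv { unsigned cls, tag; int constructed; size_t len; const uint8_t *val; };

/* Parse one element from buf[0..n). Returns octets consumed, 0 if malformed. */
size_t der_read(const uint8_t *buf, size_t n, struct tlv *out)
{
    size_t pos = 2, len;
    if (n < 2 || (buf[0] & 0x1f) == 0x1f) return 0; /* high tag numbers not handled */
    out->cls = buf[0] >> 6;
    out->constructed = (buf[0] >> 5) & 1;
    out->tag = buf[0] & 0x1f;
    len = buf[1];
    if (len & 0x80) {                    /* long form: low 7 bits = number of length octets */
        size_t k = len & 0x7f;
        if (k == 0 || k > sizeof(size_t) || k > n - 2) return 0; /* 0x80 = indefinite, not DER */
        for (len = 0; k > 0; k--) len = (len << 8) | buf[pos++];
    }
    if (len > n - pos) return 0;         /* content would run past the buffer */
    out->len = len;
    out->val = buf + pos;
    return pos + len;
}

/* Count elements directly inside a constructed value; -1 if malformed. */
int der_count_children(const struct tlv *parent)
{
    size_t off = 0, used;
    struct tlv child;
    int count = 0;
    while (off < parent->len) {
        used = der_read(parent->val + off, parent->len - off, &child);
        if (used == 0) return -1;
        off += used;
        count++;
    }
    return count;                        /* no content octets: 0 children, not an error */
}

/* Constructed sample: the four octets quoted in the post. */
static const uint8_t sample[] = { 0xA4, 0x02, 0x30, 0x00 };

int main(void)
{
    struct tlv name, rdns;
    if (!der_read(sample, sizeof sample, &name) || !der_read(name.val, name.len, &rdns)) return 1;
    printf("[%u] len=%zu -> SEQUENCE(tag %u) len=%zu, %d RDNs\n",
           name.tag, name.len, rdns.tag, rdns.len, der_count_children(&rdns));
    return 0;
}
```

At the encoding level the outer element is context-specific tag 4, constructed, with two content octets, and the inner element is a universal SEQUENCE with zero content octets and therefore zero children.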