Please find a sample producing this error attached.

Best regards,
Martin

On 9/14/07, Martin Peylo <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm implementing an extension to OpenSSL which has to communicate with
> a 3rd party software. Now I'm having problems parsing its answers
> since it sends back a "GeneralName" choice, holding a "directoryName"
> with a "RDNSequence" of zero length. I'm using
> "openssl-SNAP-20070816", but as I understand there is no difference to
> today's snapshot in relevant functions.
>
> The following definitions of those ASN.1 structures are taken from RFC 3280:
> GeneralName ::= CHOICE {
>      otherName                       [0]     AnotherName,
>      rfc822Name                      [1]     IA5String,
>      dNSName                         [2]     IA5String,
>      x400Address                     [3]     ORAddress,
>      directoryName                   [4]     Name,
>      ediPartyName                    [5]     EDIPartyName,
>      uniformResourceIdentifier       [6]     IA5String,
>      iPAddress                       [7]     OCTET STRING,
>      registeredID                    [8]     OBJECT IDENTIFIER }
>
> Name ::= CHOICE { -- only one possibility for now --
>       rdnSequence  RDNSequence }
>
> RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
>
> As hex, the GENERAL_NAME part of this message looks like "A4 02 30
> 00". A4 means "4th choice option", 02 is "length 2", 30 is "sequence
> of" and 00 indicates that there are no content octets. If I'm trying
> to d2i a message containing that, it fails with the following error:
> 16362:error:0D09E03A:lib(13):func(158):reason(58):x_name.c:228:
> 16362:error:0D08303A:lib(13):func(131):reason(58):tasn_dec.c:751:
> 16362:error:0D08403A:lib(13):func(132):reason(58):tasn_dec.c:580:
> 16362:error:0D07803A:lib(13):func(120):reason(58):tasn_dec.c:340:Field=d.directoryName, Type=GENERAL_NAME
>
> If there is content in that "sequence of" it works without any problem.
>
> When looking into the X.690 ASN.1 DER standard, I found in 8.10.2 "The
> contents octets shall consist of zero, one or more...". So I guess
> that it's allowed that there is *no* "RelativeDistinguishedName" entry
> in a "RDNSequence".
>
> Could it be that OpenSSL does not like this empty "sequence of"?
>
> Best regards,
> Martin
>

Attachment: x509_general_name_err.c.gz
Description: GNU Zip compressed data
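
Added example (not part of the original post or its attachment, and not OpenSSL code): a self-contained C walk of the GeneralName bytes quoted above, showing that "A4 02 30 00" decodes structurally to a directoryName whose RDNSequence holds zero entries. The function names are hypothetical; the walker handles only single-octet tags and definite lengths and does not enforce DER's minimal-length rule.

```c
#include <stddef.h>
#include <stdio.h>

/* One decoded TLV: tag octet, pointer to the contents, contents length. */
struct tlv { unsigned char tag; const unsigned char *val; size_t len; };

/* Parse one TLV from buf[0..n). Returns octets consumed, or 0 on error.
 * Hypothetical helper: single-octet tags, definite lengths of <= 4 octets. */
static size_t der_tlv(const unsigned char *buf, size_t n, struct tlv *out)
{
    size_t hdr = 2, len, i, k;
    if (n < 2 || (buf[0] & 0x1f) == 0x1f) return 0; /* truncated / multi-octet tag */
    len = buf[1];
    if (len & 0x80) {                     /* long-form length */
        k = len & 0x7f;
        if (k == 0 || k > 4 || n < 2 + k) return 0; /* indefinite, huge, truncated */
        for (len = 0, i = 0; i < k; i++) len = (len << 8) | buf[2 + i];
        hdr += k;
    }
    if (len > n - hdr) return 0;          /* contents run past the buffer */
    out->tag = buf[0]; out->val = buf + hdr; out->len = len;
    return hdr + len;
}

/* Number of RDNs in a GeneralName directoryName, or -1 if the input is
 * malformed or another CHOICE arm. 0 is a valid answer: an empty SEQUENCE OF. */
int directory_name_rdn_count(const unsigned char *gn, size_t n)
{
    struct tlv name, seq, rdn;
    int count = 0;
    /* [4] is explicitly tagged because Name is a CHOICE: A4 wraps the 30. */
    if (n == 0 || der_tlv(gn, n, &name) != n || name.tag != 0xA4) return -1;
    if (name.len == 0 || der_tlv(name.val, name.len, &seq) != name.len
        || seq.tag != 0x30) return -1;
    while (seq.len > 0) {                 /* loop body never runs for "30 00" */
        size_t used = der_tlv(seq.val, seq.len, &rdn);
        if (used == 0 || rdn.tag != 0x31) return -1; /* each RDN is a SET OF */
        seq.val += used; seq.len -= used; count++;
    }
    return count;
}

int main(void)
{
    static const unsigned char empty_dn[] = { 0xA4, 0x02, 0x30, 0x00 }; /* from the post */
    printf("RDN count: %d\n", directory_name_rdn_count(empty_dn, sizeof empty_dn));
    return 0;
}
```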
