[PATCH] - OS390-Unix (EBCDIC) 0.9.8e When an OpenSSL server built on z/OS is using client verification, the following error is incurred:
0x140890b2 - error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned >From tracing, we found the correct certificate was being returned. We found the code in crypto/x509/x509_vfy.c will not work in an EBCDIC environment, as the data is in ASCII. The solution is to translate the ASCII to EBCDIC, prior to the validation process. John B. Young Here's the patch, in diff -u form: --- old/x509_vfy.c 2007-12-11 10:43:14.000000000 -0800 +++ new/x509_vfy.c 2007-12-11 10:38:18.000000000 -0800 @@ -1045,6 +1045,9 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) { char *str; +#ifdef CHARSET_EBCDIC + char strx[40]; +#endif ASN1_TIME atm; long offset; char buff1[24],buff2[24],*p; @@ -1052,7 +1055,12 @@ p=buff1; i=ctm->length; +#ifdef CHARSET_EBCDIC + ascii2ebcdic( strx, ctm->data, ctm->length ); + str=strx; +#else str=(char *)ctm->data; +#endif if (ctm->type == V_ASN1_UTCTIME) { if ((i < 11) || (i > 17)) return 0; ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]