On 26-May-14 12:31, Matt Caswell via RT wrote: > This is a feature not a bug ;-) > > This is actually by design, in that asn1parse is capable of handing arbitrary > base64 encoded data (without the PEM BEGIN and END markers). As such it's not > quite as simple as just modifying the behaviour to work in the way that you > have described (since this would break the capability to read plain base64 > data). > > However it does seem reasonable to be able to process PEM files with data > prior > to the BEGIN markers, so I have added a new option "-strictpem" to cater for > this scenario: > > http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6b5c1d940b5a653a24b91d3c52bca935399b713c > > Matt > Thank you for working on this issue.
Searching for a "-----BEGIN " line only addresses only 1/2 the problem. For -strictpem to live up to its name, it also needs to stop reading data when it encounters a line beginning with "-----END ". I don't see logic for that in your commit... For what it's worth, note that '-' is not a valid base64 character (at least, in the PEM variant that's of interest to OpenSSL). So one could autodetect the input format -- if the input contains a line beginning with '-', it's either PEM format, or invalid data. Since asn1parse isn't used on huge files, this wouldn't be expensive. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
