On Thu, Sep 11, 2014 at 09:32:26AM -0400, Salz, Rich wrote:
> I think the bug is that we need to output a leading zero to avoid confusing
> the number as negative.

It's my understanding that for the encoding of the number without the leading 00 we need to go and add the 00 in front of it because we would otherwise create a negative number and those aren't allowed by RFC5280, so we would write that one with the leading 00.

But I don't see a reason why the encoding can't have multiple leading 00s in it, and for instance always have a fixed size.

So the question is are serial numbers matched based on the number themselves or on the binary form? I can't find anything currently that says how to compare them, but I would actually expect that the binary representation should be the same.

And if the binary representation is important, I think we should print the leading 00s if there are any.

Kurt

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
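
The leading-00 question in this thread, as an added example that is not part of the original message and is not OpenSSL code: it builds the DER INTEGER content octets for a serial number, applies the X.690 section 8.3.2 minimality rule (the first nine bits must not be all zeros or all ones), and shows that a padded encoding has the same value but different bytes. All function names and the sample serial are hypothetical and constructed for illustration.

```python
# Added example (hypothetical helpers, not OpenSSL's implementation):
# DER INTEGER content octets for an X.509 serial number.

def der_integer_content(value: int) -> bytes:
    """Minimal two's-complement content octets for a non-negative integer."""
    if value < 0:
        raise ValueError("RFC 5280 serial numbers must be non-negative")
    length = max(1, (value.bit_length() + 7) // 8)
    raw = value.to_bytes(length, "big")
    # A set top bit would make the octets decode as a negative number,
    # so exactly one 0x00 sign octet is prepended.
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return raw


def is_minimal(content: bytes) -> bool:
    """X.690 8.3.2: the first nine bits must not be all 0s or all 1s."""
    if not content:
        return False
    if len(content) == 1:
        return True
    if content[0] == 0x00 and not (content[1] & 0x80):
        return False  # redundant leading 00
    if content[0] == 0xFF and (content[1] & 0x80):
        return False  # redundant leading ff
    return True


def decode_integer_content(content: bytes) -> int:
    """Interpret content octets as a signed big-endian integer."""
    return int.from_bytes(content, "big", signed=True)


def hex_octets(content: bytes) -> str:
    """Format the encoded octets as-is, so a leading 00 stays visible."""
    return ":".join(f"{b:02x}" for b in content)


# Constructed sample serial whose top bit is set.
SAMPLE_SERIAL = 0x8F3A21

if __name__ == "__main__":
    minimal = der_integer_content(SAMPLE_SERIAL)
    padded = b"\x00" + minimal  # same value, extra leading 00
    for name, octets in (("minimal", minimal), ("padded", padded)):
        print(name, hex_octets(octets),
              "value=%#x" % decode_integer_content(octets),
              "DER-minimal=%s" % is_minimal(octets))
    # Without the sign octet the same bytes decode as negative.
    print("no sign octet:", decode_integer_content(minimal[1:]))
```

Comparing the two encodings by value treats them as equal, while a byte-for-byte comparison does not, which is the distinction the message asks about.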