On Thu, Apr 09, 2015, Juan Antonio Osorio wrote: > Hi, > > I've recently encountered that OpenSSL is sending some unexpected errors > when reading X.509 certificate requests, if the key is not specified, or > the CSR is not signed. >
Well if a key is not specified ot the CSR isn't signed then it isn't a valid CSR and OpenSSl should reject it. Previous versions included a bogus OID when generating such a CSR which meant it could be parsed (but it was still invalid). The encoder should really reject this and refuse to encode it but applications might not expect an error from the encoder. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
