Might I suggest that the right thing in this case would be to keep generation strict, but relax the rules on parsing? "Be conservative in what you send, and liberal with what you receive"?
Clearly the device manufacturer is at fault here, but the punished party is the user - probably not what we should want? Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. Original Message From: Stephen Henson via RT Sent: Thursday, February 11, 2016 17:27 To: [email protected] Reply To: [email protected] Cc: [email protected] Subject: [openssl-dev] [openssl.org #4301] [BUG] OpenSSL 1.1.0-pre2 fails to parse x509 certificate in DER format On Thu Feb 11 21:38:18 2016, [email protected] wrote: > The EK certificate is generated and burned into the TPM during > manufacturing. The extraction operation always returns the same certificate. > I meant do you have any other examples of this anomalous encoding or is it some rare glitch in the serial number generation? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4301 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
