Dear, I have some trouble with CRL creations and some certificates serial number.
I wrote some code using OpenSSL 0.9.6 to create and sign a CRL. I can specify the serial number (hex) of the certificates which I want to revoke. Everything works fine, except for some serial number: If a my serial number starts with a number higher than 7, OpenSSL adds 00 before it. Ex: 7FF5A2 -> 7FF5 A2 : Correct 8FF5A2 -> 008F F5A2 : Incorrect FFF5A2 -> 00FF F5A2 : Incorrect I suspect that there is a trouble with a conversion (signed -> unsigned). This is my code to add a revoked certificate: (void)BIO_reset(hex); if (!BIO_puts(hex,pp[DB_serial])) goto err; if (!a2i_ASN1_INTEGER(hex,r->serialNumber,buf[0],BSIZE)) goto err; sk_X509_REVOKED_push(ci->revoked,r); What can I do to solve this problem? Blaise --------------------------------------- Blaise Lugeon Nagracard (+41) 021-732 07 18 KUDELSKI SA Route de Genève 22 1033 Cheseaux SWITZERLAND ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]