On Mon, Sep 22, 2003, Markus Lorch wrote: > Hi, > > I was under the impression that the following two code fragments are > equivalent. But the first can successfully decode a BER encoded > certificate (in "value"), while the second fails - data too long. When should > ASN1_item_d2i_bio be used? > > > cert = d2i_X509(NULL,(unsigned char **) &value, valueLen); > > > in = BIO_new_mem_buf(value, valueLen); > cert = (X509 *) ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), in, NULL); > >
They should both work unless there's something odd choking the BIO version. What happens if you call d2i_X509_bio() on the BIO or: openssl x509 -inform DER -in cert.der If you get errors in all cases can you send me the certificate that does this? The two aren't exactly equivalent. The BIO version has a routine which locates the end of the ASN1 data and then passes the length to d2i_X509(). Its possible that this routine is being confused by the data. Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
