> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
> Sent: Monday, September 22, 2003 2:47 PM
> To: [EMAIL PROTECTED]
> Subject: Re: d2i_X509 vs. ASN1_item_d2i
> 
> 
> On Mon, Sep 22, 2003, Markus Lorch wrote:
> 
> > Hi,
> > 
> > I was under the impression that the following two code fragments are
> > equivalent. But the first can successfully decode a BER encoded
> > certificate (in "value"), while the second fails - data too long.
> > When should ASN1_item_d2i_bio be used?
> > 
> > 
> > cert = d2i_X509(NULL,(unsigned char **) &value, valueLen);
> > 
> > 
> > in = BIO_new_mem_buf(value, valueLen);
> > cert = (X509 *) ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), in, NULL);
> > 
> > 
> 
> They should both work unless there's something odd choking the BIO version.
> What happens if you call d2i_X509_bio() on the BIO or:
> 
> openssl x509 -inform DER -in cert.der

That also works with the cert. Please note that the certificate comes out
of a PKCS11 device and thus is BER encoded.

dumpasn1 can also read the certificate without problems and reports no errors.

> 
> If you get errors in all cases can you send me the certificate that does this?

Sure, already on its way :)

> 
> The two aren't exactly equivalent. The BIO version has a routine which
> locates the end of the ASN1 data and then passes the length to d2i_X509().
> It's possible that this routine is being confused by the data.

That sounds plausible as the exact error was:
asn1 encoding routines: ASN1_get_object:too long:asn1_lib.c:130

Markus

> 
> Steve.
> --
> Dr Stephen N. Henson.
> Core developer of the   OpenSSL project: http://www.openssl.org/
> Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
> Email: [EMAIL PROTECTED], PGP key: via homepage.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> 
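
The thread above turns on locating the end of BER data before decoding it. The following is an added example, not OpenSSL's routine and not code from either poster: a bounds-checked length scan over definite and indefinite-length encodings. The function name `ber_element_size`, the depth limit and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define BER_MAX_DEPTH 32 /* nesting limit chosen for this example */

/* Constructed sample inputs (not the certificate from the thread). */
static const unsigned char der_seq[]   = {0x30, 0x03, 0x02, 0x01, 0x05, 0xff};       /* definite, 1 trailing byte */
static const unsigned char ber_indef[] = {0x30, 0x80, 0x02, 0x01, 0x05, 0x00, 0x00}; /* indefinite length */
static const unsigned char too_long[]  = {0x30, 0x82, 0x01, 0x00, 0x02, 0x01, 0x05}; /* claims 256 bytes */

/* Bytes occupied by the element at p (header, contents, end-of-contents), or -1
 * if it is malformed or runs past avail. Assumes avail fits in a long. */
long ber_element_size(const unsigned char *p, size_t avail, int depth)
{
    size_t pos = 2, len = 0, n;

    if (depth > BER_MAX_DEPTH || avail < 2 || (p[0] & 0x1f) == 0x1f)
        return -1;                      /* too deep, truncated, or multi-byte tag (not handled) */
    if (p[1] < 0x80) {                  /* short definite form */
        len = p[1];
    } else if (p[1] == 0x80) {          /* indefinite form, BER only */
        if (!(p[0] & 0x20))
            return -1;                  /* only constructed types may use it */
        for (;;) {                      /* walk children until end-of-contents (00 00) */
            if (avail - pos < 2)
                return -1;
            if (p[pos] == 0 && p[pos + 1] == 0)
                return (long)(pos + 2);
            long child = ber_element_size(p + pos, avail - pos, depth + 1);
            if (child < 0)
                return -1;
            pos += (size_t)child;
        }
    } else {                            /* long definite form: low 7 bits = count of length octets */
        n = p[1] & 0x7f;
        if (n > sizeof(size_t) || avail - pos < n)
            return -1;
        while (n--)
            len = (len << 8) | p[pos++];
    }
    if (len > avail - pos)              /* declared length runs past the data ("too long") */
        return -1;
    return (long)(pos + len);
}

int main(void)
{
    printf("%ld %ld %ld\n", ber_element_size(der_seq, sizeof der_seq, 0),
           ber_element_size(ber_indef, sizeof ber_indef, 0),
           ber_element_size(too_long, sizeof too_long, 0));
    return 0;
}
```

The indefinite-length branch is the BER-only case: the end of the element is known only after walking every child to its end-of-contents octets, which is why a length scan and a direct decode can disagree on the same bytes.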
