On Sun, Sep 19, 2004, Dr. Stephen Henson wrote:
> On Thu, Sep 16, 2004, Antonio Ruiz Mart�nez wrote:
> > I tried to put the sequence in an octet_string and with that way there
> > is no problem but I would like to use the SEQUENCE directley if it is
> > possible.
> >
>
> I tried that test file and it chokes several asn1 parsing tools. It looks like
> the attribute is added OK and then things go badly amiss after it. This would
> be the case if you'd added the PKCS#7 structure along with some trailing data,
> for example if the length was wrong you passed to ASN1_STRING_set().
>
>
This appears to indeed be the case. dumpasn1 will partly display the structure
but chokes later on. Here is the start of the attribute:
1186 A1 1345: [1] {
1190 30 1341: SEQUENCE {
1194 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
1205 31 1326: SET {
1209 30 1257: SEQUENCE {
The last SET length field is noticeably larger than the following SEQUENCE.
This suggests there's some extra invalid data after the SEQUENCE.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
