Justin Hsiung wrote:
Hi,
I had a small program as shown below to read a self-signed DER encoded
certificate from
Linux filesystem and still want to keep it in DER format in "buf".
Therefore, I use both
"d2i_X509_bio" & "i2d_X509" to achieve this. Unfortunately, I
encountered some problems
when I printed the contents of the "buf":
1. there were 2 bytes shorter than the original certificate size
2. looks like both the "version" & "serial number" contain 3-byte data
instead of 4 bytes (the
following 9-bytes algorithm MD5withRSA looks ok though). I don't know
what are the
first 10-byte data?
3. Besides 2 bytes shorter, there were several bytes changing their
values w/ unknown reason
4. I use "openssl" with -C option to read this certificate and had the
same problem - 2 bytes
short and some values changed (i.e., my test program should be ok :-)
Does anyone know this strange behaviour or any suggestions? Thank you
very much.
This is the first 32-bytes of data from both original file & "buf"
---- original -----
30 82 02 a6 30 82 02 0f a0 06 02 04 00 00 00 02
02 04 00 00 00 01 30 0d 06 09 2a 86 48 86 f7 0d
01 01 04
how did you create this cert ? The encoding of the asn.1 integer
doesn't like DER encoding (it's not minimal).
---- in buf after d2i_X509_bio & i2d_X509 ----
30 82 02 a4 30 82 02 0d a0 05 02 03 00 00 02 02
03 00 00 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01
04
openssl seems to the first remove leading 0x00 octets when decoding
integers (as leading zero octets are only prepended to distinguish
positive integers ( with highest bit set ) from negative integers).
Nils
PS: Don't post to _both_ mailing lists !
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]