On Friday September 2nd 2005 Christian Weber:
> Sorry again I missed to write that openssl asn1parse does work on the file.
>
> The file has been generated esternally (i.e. by german telesec), so
> we need to know what's wrong with the data to openssl.
>
> Marco: What parameters are you writing about?
As said earlier I'm no expert. In PKCS7 there can be encoded a great
many extensions and fields through the general ASN.1 encoding.
All I know is that the parse routines from OpenSSL are sometimes
somewhat brittle when confronted with all these exotic extensions.
You might argue whether this is a bug or a feature as ignoring errors
skipping unknown features might cryptographically not be a good idea.
As found in the "RESTRICTIONS" section of the 'pkcs7' manpage:
There is no option to print out all the fields of a PKCS#7 file.
This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in
RFC2315 they cannot currently parse, for example, the new CMS as
described in RFC2630.
The original error message specified "5655:error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1282:", so that might
mean for example getting confused by a "T61STRING" instead of a
"PRINTABLESTRING" or a "IA5STRING". Building OpenSSL with debug
information and running it through the debugger with this input file
would perhaps pinpoint the exact (first) problem that OpenSSL sees. And
perhaps it can be fixed than.
--
Marco Roeland
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
