AW: openssl can don' t handle 20 Octes long Serial Numbers RFC 32 80

thomas . beckmann Wed, 11 Jan 2006 07:54:22 -0800

Michael,

just for my curiousity... who ist the issuer of the certificate?

Best regards

Thomas

Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Bohn, Michael
Gesendet: Mittwoch, 11. Januar 2006 07:20
An: [email protected]
Betreff: openssl can don' t handle 20 Octes long Serial Numbers RFC 3280

Hi all,

sorry that I send the same e-mail again but I did't find any answer to my last one.

We have the case that openssl can not handle long serial numbers.

In ower case we have this Serail Nr. 9a 38 74 00 00 00 00 25 be

but OpenSSL 0.9.7e 25 Oct 2004 print this:

openssl x509 -in file -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
             (Negative)65:c7:8b:ff:ff:ff:ff:da:42

windows cisco and mozilla can handle this SN without any problems.

################ RFC 3280       ############################

RFC 3280        Internet X.509 Public Key Infrastructure      April 2002

   Given the uniqueness requirements above, serial numbers can be
   expected to contain long integers. Certificate users MUST be able to
   handle serialNumber values up to 20 octets. Conformant CAs MUST NOT
   use serialNumber values longer than 20 octets.

###############################################################

best regards

Michael

AW: openssl can don' t handle 20 Octes long Serial Numbers RFC 32 80

Reply via email to