> My belief is that the presentation should be as an octet string, as
> opposed to a string representation of an integer.

        Why?

> Furthermore, serial
> numbers are unsigned, not signed, and generally increment.

        Serial numbers *must* be positive. This one is negative. Therefore, it's
broken.

> The problem is that the CA did not embed "00" before the serial number
> of the certificate it signed -- and, by RFC, it is not required to.

        It's required to present a positive integer as a serial number. It
failed to do that.

> The serial number should be presented to the user as an opaque string
> of hex bytes, not (as current) a translation into an integer.

        Why? It *is* an integer, why should it not be presented as such?

        DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]
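
The exchange above turns on how the content octets of a DER INTEGER are read: they are two's complement, so a first octet of 0x80 or higher with no 00 in front of it yields a negative value. The following Python sketch is an added example, not code from the thread or from OpenSSL; the sample encodings are constructed and the helper names are hypothetical. It shows both readings of the same octets and the padded encoding of the positive value.

```python
# Added example: constructed sample bytes, helper names are hypothetical.

def parse_der_integer(tlv: bytes):
    """Parse one DER INTEGER TLV; return (signed value, content octets)."""
    if len(tlv) < 3 or tlv[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    length, offset = tlv[1], 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or len(tlv) < 2 + n:
            raise ValueError("bad length")
        length, offset = int.from_bytes(tlv[2:2 + n], "big"), 2 + n
    content = tlv[offset:]
    if length == 0 or len(content) != length:
        raise ValueError("truncated or trailing data")
    # DER requires the shortest form: no redundant 00 or FF lead octet.
    if length > 1 and ((content[0] == 0x00 and content[1] < 0x80) or
                       (content[0] == 0xFF and content[1] >= 0x80)):
        raise ValueError("non-minimal INTEGER encoding")
    # INTEGER content is two's complement, so the top bit is the sign.
    return int.from_bytes(content, "big", signed=True), content


def encode_positive_serial(value: int) -> bytes:
    """DER-encode a non-negative serial, adding the 00 pad when needed."""
    if value < 0:
        raise ValueError("serial must not be negative")
    content = value.to_bytes(value.bit_length() // 8 + 1, "big")
    if len(content) > 127:
        raise ValueError("short-form length only in this sketch")
    return bytes([0x02, len(content)]) + content


def describe_serial(tlv: bytes) -> dict:
    value, content = parse_der_integer(tlv)
    return {
        "octets": content.hex(":"),                     # opaque hex view
        "integer": value,                               # ASN.1 reading
        "positive": value > 0,
        "if_unsigned": int.from_bytes(content, "big"),  # sign bit ignored
    }


UNPADDED = bytes.fromhex("02038f3a01")    # constructed: high bit set, no 00
PADDED = bytes.fromhex("0204008f3a01")    # constructed: same octets, 00 pad

if __name__ == "__main__":
    for name, tlv in (("unpadded", UNPADDED), ("padded", PADDED)):
        print(name, describe_serial(tlv))
```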
