Re: [openssl-users] Re: X509 V1 version info

Thu, 04 Sep 2008 02:26:35 -0700 

Hello someone there, i stuck at the problem from quite some time.

Could you guys help me in this? A small help in this regard will greately
appreciated.

Thank you very much.

-Madhu

On 9/1/08, Madhusudhan reddy <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
>         Thanks for reply.
>
>         Yes, it is verign certificate. Even though version info NULL
> (X509->cert_info->version == NULL), the certifiate verified as valid, the
> hash creation is equal to the hash in the certificate. I observed, for some
> X509 V1 certificate the version field is NULL, and for some it is not NULL.
> Here Iam attacheing 2 certificates in PEM format. For the cert
> "test_root4.pem" the version fiels is NULL and for the cert "test_root5.pem"
> version field is not NULL.
>
>        But both the certificates verified valid while debugging.
>
>        I couldn't guess why verison info NULL for some certs?
>
> Thanks,
> Madhu
>
>
>
> On 9/1/08, Erwann ABALEA <[EMAIL PROTECTED]> wrote:
>>
>> Hi,
>>
>> Hodie Kal. Sep. MMVIII est, Madhusudhan reddy scripsit:
>> >                Thanks for the reply. What i mean here is while loading
>> X509
>> >    V1 certificate using the API "PEM_read_bio_X509_AUX(), the verisn
>> filed
>> >    itself is null, not the value. Pls check the attached .jpg for the
>> screen
>> >    shot.
>>
>> The version field is defined as:
>> version         [0]  EXPLICIT Version DEFAULT v1
>>
>> The Version type is defined as:
>> Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
>>
>> DEFAULT implies OPTIONAL, and if this field is absent, then it has to
>> be considered a version 1 certificate.
>>
>> I saved your certificate (a VeriSign one, it seems) to a file, and
>> checked its signature:
>> openssl verify -CAfile rootv1.pem rootv1.pem
>> which replied "Ok".
>> Do you have a better example of a "bad" certificate?
>>
>> --
>> Erwann ABALEA <[EMAIL PROTECTED]>
>> -----
>> I can't be stupid, I completed third grade!
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    [email protected]
>> Automated List Manager                           [EMAIL PROTECTED]
>>
>
>
>

Reply via email to