On Tue May 12 2009, PETER LIN wrote:
> Hi all,
>
> I need to generate some problematic cert so as to test whether my app
> will reject these certs or not. Such x509 cert are like without Issuer
> field, Version field, or etc. Is there any command line available to
> do the job? Or alternatively I can use c++ to parse in a valid cert,
> do some modification, and parse out.
>

I have been following this list for quite some time now - from the
postings, it seems it is not that hard to generate a broken certificate. ;)

**Which is not your question - I am making a joke above**

You want "test certificates" with a specific instance of "broke" to test
your application error paths. I would expect openSSL to do that for you,
but that does not reduce the need for an application developer to *be sure*
if they want to test that.

Although I cannot say how to create those certificates -- I can see how
including test certificates in the "contrib" portion of the source might be
useful to both yourself and others.

Perhaps openSSL users should start a collection of such test objects.

Mike

> I tried to clear some pointer of a valid X509 structure and wrote out.
> Sometimes OpenSSL will reject the modified cert (like Issuer ptr
> cleared), and sometimes won't (in the case of Version ptr cleared). I
> wonder while parsing an x509 cert, which component OpenSSL takes as
> compulsory, and which are optional? Is my procedure correct?
>
> Thanks all.
>
> Peter Lin
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [email protected]
> Automated List Manager                           [email protected]
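Added example, not part of the original thread and not OpenSSL code: RFC 5280 declares `version` as `[0] EXPLICIT Version DEFAULT v1`, so a TBSCertificate with no version element is still well-formed (it reads as v1), while `issuer` is a mandatory field whose removal shifts every later field into the wrong slot. The sketch below walks the tags only; the function names (`tlv`, `read_tlvs`, `check_tbs`, `sample_tbs`) are hypothetical and all certificate bytes are constructed test data.

```python
# Added example: tag-level walk of a DER TBSCertificate; all bytes are constructed.

def tlv(tag, body):
    """Encode one short-form DER TLV (bodies under 128 bytes, enough here)."""
    return bytes([tag, len(body)]) + body

def read_tlvs(buf):
    """Split buf into (tag, body) pairs; ValueError on malformed lengths."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] == 0x80:
            raise ValueError("truncated header or indefinite length")
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits count the length bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("truncated value")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

# Mandatory fields after the optional version: (name, tag, allowed child tags).
FIELDS = [("serialNumber", 0x02, None), ("signature", 0x30, None),
          ("issuer", 0x30, {0x31}), ("validity", 0x30, {0x17, 0x18}),
          ("subject", 0x30, {0x31}), ("subjectPublicKeyInfo", 0x30, None)]

def check_tbs(der):
    """Return (version, problems) for one DER-encoded TBSCertificate."""
    items = read_tlvs(read_tlvs(der)[0][1])
    version = 1  # version is [0] EXPLICIT with DEFAULT v1: absent means v1
    if items and items[0][0] == 0xA0:
        version = int.from_bytes(read_tlvs(items.pop(0)[1])[0][1], "big") + 1
    problems = []
    for (name, tag, kids), item in zip(FIELDS, items + [None] * len(FIELDS)):
        if item is None:
            problems.append(name + ": missing")
        elif item[0] != tag or (kids and any(
                t not in kids for t, _ in read_tlvs(item[1]))):
            problems.append(name + ": wrong type")
    return version, problems

def sample_tbs(with_version=True, with_issuer=True):
    """Constructed, unsigned TBSCertificate skeleton with optional omissions."""
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"test"))))
    alg = tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + tlv(0x05, b""))
    times = tlv(0x30, tlv(0x17, b"090512000000Z") * 2)
    parts = [tlv(0xA0, tlv(0x02, b"\x02"))] if with_version else []  # v3
    parts += [tlv(0x02, b"\x01"), alg] + ([name] if with_issuer else [])
    parts += [times, name, tlv(0x30, alg + tlv(0x03, b"\x00\x00"))]  # dummy key
    return tlv(0x30, b"".join(parts))
```

`check_tbs(sample_tbs(with_version=False))` reports version 1 with no problems, whereas `check_tbs(sample_tbs(with_issuer=False))` flags the issuer slot first, because the validity element now sits where a Name is expected.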
