I'm using openssl version 0.9.8h shipped by openSuSE as 0.9.8h-28.10.1.

The shortest friendlyName I tried to use was 7 letters long - can this be too long?

I got the same results when using Java's keytool trying to create a keystore or to add the content of a PKCS#12 file to an existing keystore.

Everything works fine when no friendlyName is included in the p12 file.

Regards
Willy

Dr. Stephen Henson wrote:
> On Tue, Sep 01, 2009, Willy Weisz wrote:
>
>> Being unable to use a PKCS#12 file created by openSSL with 3 different
>> applications - Java jarsigner, Firefox/Thunderbird and KeyStoreBuilder
>> of the package "not-yet-commons-ssl"
>> <http://juliusdavies.ca/commons-ssl/> - I think that the problem may
>> well be attributed to an error in the PKCS#12 file.
>>
>> All 3 errors are due to the use of the "friendlyName" in the PKCS#12 file.
>> Even though the Mozilla products don't explain why they don't accept the
>> file contents, removing the friendlyName from the p12 file makes it
>> acceptable.
>> The java utility jarsigner and KeyStoreBuilder 0.3.9 issue the error message:
>> "java.io.IOException: Attribute 1.2.840.113549.1.9.20.9.20 should have a
>> value DerInputStream.getLength(): lengthTag=32, too big"
>>
>> OID 1.2.840.113549.1.9.20 represents "PKCS-9 Attribute : friendlyName".
>>
>> KeyStoreBuilder even tracks the error:
>>
>> java.io.IOException: Attribute 1.2.840.113549.1.9.20 should have a value
>> DerInputStream.getLength(): lengthTag=32, too big.
>>         at sun.security.pkcs12.PKCS12KeyStore.loadSafeContents(PKCS12KeyStore.java:1426)
>>         at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1291)
>>         at java.security.KeyStore.load(KeyStore.java:1201)
>>         at org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:450)
>>         at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:341)
>>         at org.apache.commons.ssl.KeyStoreBuilder.build(KeyStoreBuilder.java:98)
>>         at org.apache.commons.ssl.KeyStoreBuilder.main(KeyStoreBuilder.java:540)
>>
>> Even though the problem may be attributed to the applications, I suspect
>> that the fact that it happens with 3 applications rather points to an
>> error in the PKCS#12 file.
>>
>
> I have not had any issues with friendlyName attributes in PKCS#12 files. What
> version of OpenSSL are you using?
>
> That error suggests the friendlyName might be too long, have you tried a
> smaller one?
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>

--
-----------------------------------------------------------
Willy Weisz

European Centre for Parallel Computing at Vienna (VCPC)
Institute of Scientific Computing
University of Vienna
Nordbergstrasse 15/C312
A-1090 Wien
Tel: (+43 1) 4277 - 39424       Fax: (+43 1) 4277 - 9394
e-mail: we...@vcpc.univie.ac.at
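
Added example, not part of the thread and not code from OpenSSL or Java: a small Python DER reader that decodes a PKCS#12 friendlyName attribute (OID 1.2.840.113549.1.9.20 with one BMPString value) and shows how a first length octet of 0xA0 leads to a "lengthTag=32, too big" style rejection. The name "mycert7", both byte strings and the four-octet limit on the length field are constructed assumptions; the thread does not establish what was wrong with the poster's file.

```python
FRIENDLY_NAME_OID = bytes.fromhex("2a864886f70d010914")  # 1.2.840.113549.1.9.20

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80 == 0:              # short form: this octet is the length
        length = first
    else:                              # long form: low 7 bits count length octets
        count = first & 0x7F
        if count == 0:
            raise ValueError("indefinite length is not valid DER")
        if count > 4:                  # assumed reader limit, see the lead-in
            raise ValueError(f"lengthTag={count}, too big")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("length runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def parse_friendly_name(attr):
    """Decode SEQUENCE { OID friendlyName, SET { BMPString } } to a str."""
    tag, body, end = read_tlv(attr, 0)
    if tag != 0x30 or end != len(attr):
        raise ValueError("attribute is not a single SEQUENCE")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x06 or oid != FRIENDLY_NAME_OID:
        raise ValueError("not a friendlyName attribute")
    tag, values, pos = read_tlv(body, pos)
    if tag != 0x31 or pos != len(body) or not values:
        raise ValueError("attribute should have a value")
    tag, name, pos = read_tlv(values, 0)
    if tag != 0x1E or pos != len(values) or len(name) % 2:
        raise ValueError("value is not a single BMPString")
    return name.decode("utf-16-be")

def build_attr(name):
    """Constructed sample: encode a short ASCII name (short-form lengths only)."""
    bmp = b"\x1e" + bytes([2 * len(name)]) + name.encode("utf-16-be")
    inner = b"\x06\x09" + FRIENDLY_NAME_OID + b"\x31" + bytes([len(bmp)]) + bmp
    return b"\x30" + bytes([len(inner)]) + inner

GOOD = build_attr("mycert7")             # constructed 7-letter name
BAD = GOOD[:14] + b"\xa0" + GOOD[15:]    # constructed: SET length octet set to 0xA0

if __name__ == "__main__":
    print(parse_friendly_name(GOOD))
```

The attribute bytes have to come from the decrypted SafeContents of the file; this sketch does not decrypt or walk a whole PKCS#12 container.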