Am 08.07.2014 18:10, schrieb T. Travers:
I am new to this forum so please excuse me if I do not do this right. I am working on a z/OS 1.13 system aka OS/390 aka MVS. We have the need to parse X509 certificates. We were using an older version, 0.9.6a, but found that it did not interpret new signing algorithms correctly. I pulled down 1.0.1h and after a few known glitches, I was able to compile it. It does what I need in the sense that it now interprets the newer algorithms but it fails on the certificate time fields. I am doing this command opensslx509 -noout-in /certfile/ -text and I get this output (serial number and signer removed): Certificate: Data: Version: 3 (0x2) Serial Number: xxxx Signature Algorithm: sha256WithRSAEncryption Issuer: C=GB, ... Validity Not Before: Bad time value I am not sure how to proceed. If anyone could instruct me or direct me, I would appreciate it. Tim T.
Iirc some parts of the ASN1 code was rewritten in the 0.9.7 line (with EBCDIC specific parts being commented out). Please look at bug tracker entry #843 (http://rt.openssl.org/Ticket/Display.html?id=843), which contains a patch set for 0.9.7c and 0.9.7j. Unfortunately i still found not enough time for submitting a correspondig patch for the 1.0.x lines, but maybe the crypto/asn1/* files haven't changed too much for the patches still being useful.
Ciao, Richard ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
