On 04/03/19 10:21, Wolfgang Knauf wrote:
Hi,
the output is this:
C:\Program Files\OpenVPN\bin>openssl.exe asn1parse -i -in
..\config\ssl_h...@l1139218.vt-security.de\l1139218.vt-security.de.user.crt
Error: offset too large
Would it be OK if I send the crt file to only your mail adress? I don't feel
save by posting it to the mailing list ;-)?
I ran into the "offset too large" problem myself with my own certs as
well. It turns out the 'asn1parse' util only likes PEM blobs, i.e. the
parts starting with --BEGIN CERTIFICATE--
You can use
openssl x509 -in l1139218.vt-security.de.user.crt -out | openssl
ans1parse
to work around this.
For your certificates this results in
0:d=0 hl=4 l= 942 cons: SEQUENCE
4:d=1 hl=4 l= 791 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 9 prim: INTEGER :C604316CD0321FA1
24:d=2 hl=2 l= 13 cons: SEQUENCE
26:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
37:d=3 hl=2 l= 0 prim: NULL
[...]
155:d=2 hl=2 l= 30 cons: SEQUENCE
157:d=3 hl=2 l= 13 prim: UTCTIME :160418140054Z
172:d=3 hl=2 l= 13 prim: UTCTIME :370308132808Z
187:d=2 hl=2 l= 88 cons: SEQUENCE
189:d=3 hl=2 l= 11 cons: SET
191:d=4 hl=2 l= 9 cons: SEQUENCE
193:d=5 hl=2 l= 3 prim: OBJECT :countryName
198:d=5 hl=2 l= 2 prim: PRINTABLESTRING :de
In other words, the dates look OK to me.
Also, I've thrown my own verification code against the certificate and
everything checks out OK.
I'll see if I can reproduce the issue in my own OpenVPN setup.
HTH,
JJK / Jan Just Keijser
