Hi,
It seems that header/footer pair
"-----BEGIN CERTIFICATE REQUEST-----/
-----END CERTIFICATE REQUEST-----"
is *not* mentioned in the PKCS#10 and maybe was
invented by the OpenSSL team.
Some PC/SC related software (say CSSI of Charismathics)
produces CSR without these lines -
neither in DER nor in PEM formats.
(CSR defaults to DER here, BTW.)
Today OpenXPKI relies on absence/presence of these lines
to decide if an uploaded CSR is in DER/PEM format.
Hence OpenXPKI is confused with CSR fabricated by CSSI.
Let me suggest the following criterion to distinguish
DER/PEM for the uploaded CSR:
if (all bytes of the CSR belong to the BASE64 subset)
then (it is PEM,
if header/footer pair is present,
let CSR go to the openssl as PEM,
else add header/footer pair
and let CSR go to the openssl as PEM
)
else (it is DER, let CSR go to the openssl as DER)
What do you think?
All the best, Sergei
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
OpenXPKI-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-devel
