Looks like OpenSSL has a problem/feature of garbage-in garbage-out. It's a
problem because it does not comply with the RFC and a feature because it
lets OpenSSL work with broken clients.
My OCSP request from some time ago had the encoding error of encoding the
default values and it looks like OpenSSL just returns the encoding of the
nonce extension that it got rather than re-encoding it as DER. Actually
the encoding can be BER but the ... signature SHALL be computed on the
hash of the DER encoding ... is clear.
This explains why OpenSSL now works for me - because the request (with
nonce) from my end is now DER encoded.
Regards,
Simon McMahon
Simon McMahon/Australia/Contr/[EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
01/10/2007 12:56 PM
Please respond to
openssl-users@openssl.org
To
openssl-users@openssl.org
cc
Subject
OCSP response nonce extension encoding not DER
Hi,
Just saw some weirdness in OCSP response encodings with a nonce extension.
The OCSP response has this for the extensions:
A1 1E
30 1C
30 1A
06 09 2B 06 01 05 05 07 30 01 02
01 01 00 ---
04 0A 04 08 A5 10 18 67 E5 A4 8B 2C
The sencond last item is the 'false' (00) for the 'critical' field.
'false' is the default value (rfc 3280) so should not appear in a DER
encoding.
Here is another OCSP response extension and this is how it should be for
DER:
A1 1B
30 19
30 17
06 09 2B 06 01 05 05 07 30 01 02
04 0A 04 08 D4 4C 29 A8 C6 1A 16 56
The 'false' is not there.
Note that afaik both were produced by the same version of OpenSSL but at
different times. I haven't been able to reproduce the one containing the
'false' and since I cant reproduce a response like this, and the most
recent one I produced was OK I'm not 100% sure what is going on.
I only noticed this because my validitator used to accept the first
response, now it rejects it. It reencodes the resp to DER, before checking
the sig. RFC 2560 says the signature SHALL be computed on the hash of the
DER encoding The error I get is a bad signature.
The entire ocsp response is attached.
Simon McMahon
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]