Am 08.07.2014 18:10, schrieb T. Travers:
I am new to this forum so please excuse me if I do not do this right.
I am working on a z/OS 1.13 system aka OS/390 aka MVS.
We have the need to parse X509 certificates. We were using an older
version, 0.9.6a, but found that it did not interpret new signing
algorithms correctly. I pulled down 1.0.1h and after a few known
glitches, I was able to compile it.
It does what I need in the sense that it now interprets the newer
algorithms but it fails on the certificate time fields. I am doing this
command
opensslx509 -noout-in /certfile/ -text
and I get this output (serial number and signer removed):
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ...
Validity
Not Before: Bad time value
I am not sure how to proceed. If anyone could instruct me or direct me,
I would appreciate it.
Tim T.
Iirc some parts of the ASN1 code was rewritten in the 0.9.7 line (with
EBCDIC specific parts being commented out). Please look at bug tracker
entry #843 (http://rt.openssl.org/Ticket/Display.html?id=843), which
contains a patch set for 0.9.7c and 0.9.7j. Unfortunately i still found
not enough time for submitting a correspondig patch for the 1.0.x lines,
but maybe the crypto/asn1/* files haven't changed too much for the
patches still being useful.
Ciao,
Richard
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
