Hello, here's the story started at [EMAIL PROTECTED] list several
weeks ago. To summarize, the following certificate was generated
by Microsoft software and, when dumped by OpenSSL 0.9.5a, its
modulus seems to be completely broken.
Also take a look at the length of
the modulus in bits. Nominally
Ben Laurie wrote:
The bug is in MS - they are encoding a top-bit-set number without
inserting a leading zero, so OpenSSL (correctly) sees it as negative.
The output of openssl x509 is not very explicit.
It probably should fail, instead of diplaying it as a 510 bits number without saying
it's
PaweM-3 Krawczyk [EMAIL PROTECTED] writes:
My question is if this is a bug in MS software (it shouldn't be generating
such certs), or OpenSSL is getting this wrong as a signed number?
AFAIK it's bugs in both. MS have always got the sign bit wrong in their
encoding, but it's not that much of a
Jean-Marc Desperrier wrote:
Ben Laurie wrote:
The bug is in MS - they are encoding a top-bit-set number without
inserting a leading zero, so OpenSSL (correctly) sees it as negative.
The output of openssl x509 is not very explicit.
It probably should fail, instead of diplaying it as a