Re: PEM file line size

2021-02-25 Thread Benjamin Kaduk via openssl-users
On Thu, Feb 25, 2021 at 03:30:43PM -0800, Frank Liu wrote: > Looking at test cases > https://urldefense.com/v3/__https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/test/recipes/04-test_pem.t__;!!GjvTz_vk!A42D2c2brOwptas6T1iBt9i7pMWhwehkKAmeCuILgR-6iv5n0TQPQ6tkkVgG9A$ > > , openssl

Re: PEM file line size

2021-02-25 Thread Frank Liu
Looking at test cases https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/test/recipes/04-test_pem.t , openssl indeed is a parser that can handle other line sizes than 64 chars. If we were to strictly follow RFC, shouldn't we error out non-64 line size (except last line which could be

Re: ASN.1 encoding error

2021-02-25 Thread Peter Sylvester
Even with sound this would not be BER. i:-) Integers can have 9 or more leading zero bits in BER not ISO/IEC 8825-1:2008 (E) ITU-T Rec. X.690 (11/2008) 7 8.3 Encoding of an integer value 8.3.1 The encoding of an integer value shall be primitive. The contents octets shall consist of one or more

Re: ASN.1 encoding error

2021-02-25 Thread John Robson via openssl-users
That's plausible - although it would be odd that the other similar device hasn't done the same (i.e. BER vs DER). I think I'm going to get some new certs generated, preferably not on the device itself. At least there is a possible explanation of the difference in behaviour that I am seeing.

Re: ASN.1 encoding error

2021-02-25 Thread Benjamin Kaduk via openssl-users
That sounds like the certificate is encoded using ASN.1 BER rules, that openssl accepts, but the python library is insisting on DER encoding (per the spec). -Ben On Thu, Feb 25, 2021 at 05:19:32PM +, John Robson via openssl-users wrote: > Hi all, > > I'm encountering an error connecting to

ASN.1 encoding error

2021-02-25 Thread John Robson via openssl-users
Hi all, I'm encountering an error connecting to a device which as far as I can see has a reasonable certificate... The error coming back (through twisted and python) is: > twisted.python.failure.Failure OpenSSL.SSL.Error: [('asn1 encoding > routines', 'c2i_ibuf', 'illegal padding'), ('asn1

Re: PEM file line size

2021-02-25 Thread Frank Liu
Hi, Since this is undefined behavior, I guess it was accidentally fixed without a bug or being noticed. BTW, I found this openssl bug and pull request fix, but that only fixed PEM line length of 254

Re: PEM file line size

2021-02-25 Thread Matthias Buehlmann
"Parsers MAY handle other line sizes. These requirements are consistent with PEM [RFC1421]." It's not a bug, it's undefined behaviour. On Wed, 24 Feb 2021 at 20:20 Frank Liu wrote: > Hi, > > I noticed openssl 1.0.1 and 1.0.2 can't read a certificate PEM

Support of Indirect CRL and How to?

2021-02-25 Thread Romain Viau
Hi everybody, I am trying to implement a complex PKI and some parts are based on an Indirect CRL issued by a specific certificate. I found that the "openssl verify" command works fine if I had the CRL issuer as "-untrusted" argument. But this check doesn't work if I only add the CRLIssuer cert