Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-29 Thread Peter Sylvester
The encoding is invalid BER. The openssl is tolerant but also destructive in copy. Whenever you use openssl x509 -in -out ... you remove one leading 0 octet. IMHO openssl should reject the cert because of invalid encoding. On 08/29/2010 04:17 AM, Mounir IDRASSI wrote: Hi, The problem you a

Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-29 Thread Mounir IDRASSI
Hi Peter, Although the certificate's encoding of the serial number field breaks the BER specification about the minimal bytes representation, it is known that many CAs and libraries treat this field as a blob and usually encode it on a fixed length basis without caring about leading zeros. Specif

Need help with signing a csr with a openssl generated CA.

2010-08-29 Thread Andy GOKTAS
We're trying to generate self signed certs and don't seem to keep the attributes after a csr is signed by a self generated CA via openssl (i.e.: OIDs specified in openssl.cfg drop off the server cert after signed, thus creating a V1 cert). Here is an example of the syntax I'm using: Generat

Need help with signing a csr with a openssl generated CA.

2010-08-29 Thread Andy GOKTAS
Hello, We're trying to generate self signed certs and don't seem to keep the attributes after a csr is signed by a self generated CA via openssl (i.e.: OIDs specified in openssl.cfg drop off the server cert after signed, thus creating a V1 cert). Here is an example of the syntax I'm using:

Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-29 Thread Peter Sylvester
On 08/29/2010 01:20 PM, Mounir IDRASSI wrote: Hi Peter, Although the certificate's encoding of the serial number field breaks the BER specification about the minimal bytes representation, it is known that many CAs and libraries treat this field as a blob and usually encode it on a fixed length

Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-29 Thread Peter Sylvester
On 08/29/2010 07:38 PM, Mounir IDRASSI wrote: Hi Peter, Thank you for your comments. As I said, this kind of debate can be very heated and going down this road doesn't usually lead to any results. The debate may be whether and how something should be done in openssl, I admit I had started that

RE: Connection Resetting

2010-08-29 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Sam Jantz
> Sent: Friday, 27 August, 2010 18:16
> I have a question concerning Keep-Alives. I'm writing a SSL proxy
> (which is working great except for this issue) and every time I
> [POST about 470KB rather than about

RE: Verify X.509 certificate, openssl verify returns bad signature

2010-08-29 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Peter Sylvester
> Sent: Sunday, 29 August, 2010 05:44
> The encoding is invalid BER.
> The openssl is tolerant but also destructive in copy.
>
> Whenever you use openssl x509 -in -out ... you remove one
> leading 0 octet.
>
> IMHO openssl sh

RE: Fallback certs

2010-08-29 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Devin Ceartas
> Sent: Friday, 27 August, 2010 16:21
> To: openssl-users@openssl.org
> Subject: Fallback certs
>
> Is it possible to have a preferred certificate (say, one I created
> myself and signed with my own root) and have connections to

RE: Need help with signing a csr with a openssl generated CA.

2010-08-29 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Andy GOKTAS
> Sent: Friday, 27 August, 2010 13:00
> To: openssl-users@openssl.org
> Subject: Need help with signing a csr with a openssl generated CA.
>
> Hello,
>
> We're trying to generate self signed certs and don't seem to
> keep the att