On the RHEL6 system which has this problem its using OpenSSL 1.0.1e. Since you indicated OpenSSL 1.0.1f might have the bug fixed, I am going to build the openssl source for OpenSSL 1.0.1f and link it into our MIT Kerberos build and see if that fixes the problem. I will let you know what I find.
Glenn On 8/25/15 8:41 AM, Greg Hudson wrote: > On 08/25/2015 12:50 AM, Glenn Machin wrote: >> Looks like it is an openssl issue, apparently fixed in version 1.0.1f >> . Seems I asked a similar question then and found this on the >> krb5-bugs list - >> http://mailman.mit.edu/pipermail/krb5-bugs/2011-January/008510.html > Thanks for finding this; I remembered that too, but couldn't find the > details. > > After I sent my last response, I was able to produce the "wrong tag" > error with your packet by disabling the use of CMS functions and forcing > the use of PKCS7 functions instead. But it doesn't quite match the > "nested asn1 error" you are seeing, so I'm not sure it's the same thing. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
