Thanks Steve,
> Excellent, someone has actually included the data for a change.
>
> The problem is that the request is improperly encoded.
I looked at the request. The version is 2, but in PKCS10 the version is 1.
Maybe that is the problem.
(Where is PKCS10 version 2 defined?)
>
> It uses a non-standard attribute which looks like a variant on the
> certificate extension request (the standard is now in PKCS#9) but
> instead of the normal SEQUENCE OF EXTENSION it uses multiple attribute
> values (a SET OF) each containing an extension.
Please explain to me, must SET OF be sorted?
In PKCS10 it is written:

    CertificationRequestInfo ::= SEQUENCE {
        version       INTEGER { v1(0) } (v1,...),
        subject       Name,
        subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
        attributes    [0] Attributes{{ CRIAttributes }}
    }

    Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}

    Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
        type   ATTRIBUTE.&id({IOSet}),
        values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
    }

In the request this is used:

    SET
        SEQUENCE
            extension1
        SEQUENCE
            extension2
        SEQUENCE
            extension3

Normal is:

    SET
        SEQUENCE
            extension1
            extension2
            extension3

but both are possible, I think.
>
> SET OF should be sorted but the request is not sorted, or not sorted
> correctly.
Where is the order defined?
> I suppose it is possible to make OpenSSL to retain the original encoding
> and work out signatures from that.
I thought that the signature is computed from the original source and then
the content is decoded.
Martin
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
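
Added example, not part of the original messages and not OpenSSL code: the SET OF ordering discussed above comes from DER (ITU-T X.690, clause 11.6), which sorts the element encodings as octet strings, padding shorter ones with trailing zero octets. The sketch below checks a SET OF for that order and produces the sorted form; the sample bytes are constructed, and a verifier that re-encodes the decoded structure would hash the sorted bytes rather than the ones the requester signed.

```python
# Added example: check and restore DER ordering of a SET OF (ITU-T X.690, 11.6).

def read_tlv(buf, pos):
    """Return (content_start, end) of the definite-length TLV at pos."""
    if buf[pos] & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled here")
    first = buf[pos + 1]
    pos += 2
    if first == 0x80:
        raise ValueError("indefinite length is not DER")
    if first < 0x80:                       # short form
        length = first
    else:                                  # long form: next n octets hold the length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return pos, pos + length

def split_set_of(der_set):
    """Return (header, [full encoding of each element]) for a SET OF."""
    if der_set[0] != 0x31:
        raise ValueError("expected universal SET OF (tag 0x31)")
    pos, end = read_tlv(der_set, 0)
    header, items = der_set[:pos], []
    while pos < end:
        _, nxt = read_tlv(der_set, pos)
        items.append(der_set[pos:nxt])
        pos = nxt
    return header, items

def der_order(items):
    """Sort encodings as octet strings, shorter ones zero-padded at the end."""
    width = max(map(len, items), default=0)
    return sorted(items, key=lambda e: e.ljust(width, b"\x00"))

def is_der_sorted(der_set):
    _, items = split_set_of(der_set)
    return items == der_order(items)

def sorted_set_of(der_set):
    header, items = split_set_of(der_set)
    return header + b"".join(der_order(items))   # same length, so header is reused

# Constructed sample: SET OF { SEQUENCE{INTEGER 3}, SEQUENCE{INTEGER 1}, SEQUENCE{INTEGER 2} }
UNSORTED = bytes.fromhex("310f" "3003020103" "3003020101" "3003020102")

if __name__ == "__main__":
    print(is_der_sorted(UNSORTED), sorted_set_of(UNSORTED).hex())
```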