Nils Larsch wrote: > > Paul L. Allen wrote: > > One of our customers showed up with a certificate that OpenSSL's x509 > > subcommand doesn't appear to like. It complains about the public key: > > > > [paula@bluesky C_pdp]$ /usr/local/ssl/bin/openssl x509 -in > > HASMClient1.cer -inform der -text > > [...] > > Subject Public Key Info: > > Public Key Algorithm: dsaEncryption-old > > Unable to load Public Key > > 1464:error:0D089004:asn1 encoding routines:d2i_DSAparams:nested asn1 > > error:d2i_dsap.c:94: > > [...] > > > > Are there some flavors of DSA that OpenSSL doesn't grok? Or has our > > customer got a bogus cert? Or...? > > > > The above trace is from 0.9.6g on Linux. I get similar results from > > 0.9.6a on Solaris. The 0.9.6b that came with my RedHat 7.2 seg faults > > right after printing the error. > > Does it work with 0.9.7 ? Can you give us the result of > 'openssl asn1parse -inform der -in HASMClient1.cer -i' or > even better can you give us the certificate ?
The asn2parse command liked the certificate fine, both on 0.9.6b and on 0.9.6g. I'll have to fetch and build 0.9.7 in order to test with it. I'll have to check with my customer about releasing the certificate. They are an intermediary between me and a project that's too black for my security clearance. I wouldn't want to reveal something that allows a third party to infer details of the project. Thanks! Paul Allen -- Boeing Phantom Works \ Paul L. Allen, (425) 865-3297 Math & Computing Technology \ [EMAIL PROTECTED] POB 3707 M/S 7L-40, Seattle, WA 98124-2207 \ Prototype Systems Group ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]