Hi,

I'm coming with a strange phenomenon about which I didn't find any answer on the Net (using keywords like garbage, IE, openssl).

I've been using X509 certificates for a couple of years, but that was for VPN software.
These are no less strict than browsers, but this phenomenon didn't seem to disturb them,
nor did it disturb Firefox or Lynx.
Indeed, I already saw this behaviour last year but this didn't annoy me.
Today, it becomes really annoying because this forbids access to my webmail when using IE on Macintosh, for example.
So, I'd like to know what's going on.


Well, this behaviour can be described as follows:
IE "sees" a few X509 fields as a binary form instead of a simple string. It concerns
subject, issuer, altsubject, etc.


Truly speaking, if I have:
       CN=mail.toot.com, OU=toot, O=toot, C=FR

IE sees:
       CN=0C0D 6D61 696C 2C74 6F6F 742C 636F 6D
       OU=0C04 746F 6F74
       O=0C04 746F 6F74
       C=FR
That is to say that it adds the char 12 (0xC) followed by the string length.

One could say that IE can do whatever it wants, but the problem is that this browser doesn't recognize
the site (whose URL is in the CN part) because it keeps only the part that represents, for it, a string, that is to say
the C=FR part. And, of course, FR is different from mail.toot.net.


I tried a few things like modifying the hash algorithm, the DN: no way.

I have other certificates that IE "sees" correctly, but it is impossible to find the difference.

The same certificate seen under openssl or Firefox is correct.

If someone has an idea, it is welcome,

Best,

db
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
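
Added example, not part of the original message: a short Python decoder that reads the hex dumps quoted above as DER tag-length-value strings. In ASN.1, tag 0x0C is UTF8String and the byte after it is the length; the C=FR encoding (tag 0x13, PrintableString) is constructed here for comparison, and the function and variable names are this example's own.

```python
# Added example: decode the hex dumps from the post as DER tag-length-value.
# CN/OU/O hex is copied exactly as quoted in the message (0x2C decodes as a
# comma); the C entry is a constructed PrintableString encoding of "FR".

# ASN.1 universal string tags that can appear in X.509 name attributes.
STRING_TAGS = {
    0x0C: ("UTF8String", "utf-8"),
    0x13: ("PrintableString", "ascii"),
    0x14: ("TeletexString", "latin-1"),
    0x16: ("IA5String", "ascii"),
    0x1E: ("BMPString", "utf-16-be"),
}

def parse_der_string(hex_dump):
    """Return (type_name, length, text) for one DER-encoded string value."""
    data = bytes.fromhex(hex_dump.replace(" ", ""))
    if len(data) < 2:
        raise ValueError("too short for a DER TLV")
    tag, first = data[0], data[1]
    if tag not in STRING_TAGS:
        raise ValueError(f"unexpected tag 0x{tag:02X}")
    if first < 0x80:                       # short form: length fits one byte
        length, offset = first, 2
    else:                                  # long form: next n bytes hold it
        n = first & 0x7F
        if n == 0 or len(data) < 2 + n:
            raise ValueError("bad long-form length")
        length, offset = int.from_bytes(data[2:2 + n], "big"), 2 + n
    value = data[offset:]
    if len(value) != length:
        raise ValueError(f"length field says {length}, got {len(value)} bytes")
    name, codec = STRING_TAGS[tag]
    return name, length, value.decode(codec)

SAMPLES = {
    "CN": "0C0D 6D61 696C 2C74 6F6F 742C 636F 6D",
    "OU": "0C04 746F 6F74",
    "O": "0C04 746F 6F74",
    "C": "1302 4652",   # constructed for comparison
}

def describe(samples=SAMPLES):
    """Decode every sample attribute and return {attr: (type, length, text)}."""
    return {attr: parse_der_string(h) for attr, h in samples.items()}

if __name__ == "__main__":
    for attr, (name, length, text) in describe().items():
        print(f"{attr}: {name}, {length} bytes, {text!r}")
```

To compare two certificates at this level, `openssl asn1parse -in cert.pem` (file name is a placeholder) lists the ASN.1 string type of every name attribute.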