Thank you! I hadn't realized that the encoding should be primitive when encoding the good answer and constructed when encoding the revoked answer. It works just fine now. Once again, thank you!
Regards,
John Allberg

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: 25 February 2005 21:05
To: openssl-users@openssl.org
Subject: Re: Signature verification of OCSP Response

The problem is indeed due to a mismatch when the response is reencoded.

However it looks like the encoding of CertStatus is invalid:

   CertStatus ::= CHOICE {
       good        [0]     IMPLICIT NULL,
       revoked     [1]     IMPLICIT RevokedInfo,
       unknown     [2]     IMPLICIT UnknownInfo }

in the response causing the problem the constructed flag is set on the context
specific [0], OpenSSL reencodes it without the flag and that causes the
problem.

If OpenSSL's ASN1 parser was more strict it would reject the response as an
invalid encoding.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
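The encoding rule discussed in this thread, as an added example that is not part of the original messages or of OpenSSL: a check of the CertStatus identifier octet, plus a demonstration that re-encoding a wrongly flagged `good` changes the bytes a verifier hashes. The function names and sample bytes are constructed for illustration; RevokedInfo is taken to be a SEQUENCE and UnknownInfo a NULL, as in RFC 2560.

```python
import hashlib

# Under IMPLICIT tagging the context tag replaces the original tag but keeps
# the underlying type's form: NULL stays primitive, a SEQUENCE stays constructed.
EXPECTED = {
    0: ("good", False),     # [0] IMPLICIT NULL        -> 80 00
    1: ("revoked", True),   # [1] IMPLICIT RevokedInfo -> A1 len ...
    2: ("unknown", False),  # [2] IMPLICIT UnknownInfo -> 82 00
}

def check_cert_status(tlv: bytes):
    """Return (name, problems) for one encoded CertStatus element."""
    if len(tlv) < 2:
        raise ValueError("truncated CertStatus")
    ident, length = tlv[0], tlv[1]
    if ident & 0xC0 != 0x80 or (ident & 0x1F) not in EXPECTED:
        raise ValueError("not a CertStatus tag")
    if length & 0x80 or length != len(tlv) - 2:  # short-form lengths only
        raise ValueError("unsupported or inconsistent length")
    name, want_constructed = EXPECTED[ident & 0x1F]
    problems = []
    if bool(ident & 0x20) != want_constructed:
        problems.append("constructed flag is %s, DER requires %s"
                        % (bool(ident & 0x20), want_constructed))
    if not want_constructed and length != 0:
        problems.append("NULL must have empty content")
    return name, problems

def strict_reencode(tlv: bytes) -> bytes:
    """Re-emit the element with the form bit DER requires, content unchanged."""
    _, want_constructed = EXPECTED[tlv[0] & 0x1F]
    return bytes([(tlv[0] & ~0x20) | (0x20 if want_constructed else 0)]) + tlv[1:]

def digest_survives_reencoding(tlv: bytes) -> bool:
    """True if the received bytes and the re-encoded bytes hash identically."""
    return hashlib.sha256(tlv).digest() == hashlib.sha256(strict_reencode(tlv)).digest()

# Constructed sample encodings (not taken from the thread)
BAD_GOOD = bytes.fromhex("a000")   # 'good' with the constructed flag set
OK_GOOD = bytes.fromhex("8000")    # 'good' as primitive NULL
OK_REVOKED = bytes.fromhex("a111180f") + b"20050225210500Z"

if __name__ == "__main__":
    for sample in (BAD_GOOD, OK_GOOD, OK_REVOKED):
        print(sample.hex(), check_cert_status(sample), digest_survives_reencoding(sample))
```

A verifier that hashes the signed bytes exactly as received is unaffected by the re-encoding difference; one that hashes a re-encoded structure, as described above, is not.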