Hello Experties there, could you pls help me?
On Thu, Sep 4, 2008 at 3:45 PM, Kyle Hamilton <[EMAIL PROTECTED]> wrote:
> Honestly, I'm not sure. DER says that there is One True Encoding for
> any given certificate, and I think (but am not sure) that part of it
> is that "optional" parameters are not an option if the intended values
> match the defaults.
>
> I would guess that one of these is actually in violation of the rules,
> but I'm not enough of an expert on BER/DER encoding to be able to know
> for certain.
>
> -Kyle H
>
> On Mon, Sep 1, 2008 at 5:34 AM, Madhusudhan reddy
> <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > Thanks for reply.
> >
> > Yes, it is verign certificate. Even though version info NULL
> > (X509->cert_info->version == NULL), the certifiate verified as valid, the
> > hash creation is equal to the hash in the certificate. I observed, for
> some
> > X509 V1 certificate the version field is NULL, and for some it is not
> NULL.
> > Here Iam attacheing 2 certificates in PEM format. For the cert
> > "test_root4.pem" the version fiels is NULL and for the cert
> "test_root5.pem"
> > version field is not NULL.
> >
> > But both the certificates verified valid while debugging.
> >
> > I couldn't guess why verison info NULL for some certs?
> >
> > Thanks,
> > Madhu
> >
> >
> >
> > On 9/1/08, Erwann ABALEA <[EMAIL PROTECTED]> wrote:
> >>
> >> Hi,
> >>
> >> Hodie Kal. Sep. MMVIII est, Madhusudhan reddy scripsit:
> >> > Thanks for the reply. What i mean here is while loading
> >> > X509
> >> > V1 certificate using the API "PEM_read_bio_X509_AUX(), the verisn
> >> > filed
> >> > itself is null, not the value. Pls check the attached .jpg for the
> >> > screen
> >> > shot.
> >>
> >> The version field is defined as:
> >> version [0] EXPLICIT Version DEFAULT v1
> >>
> >> The Version type is defined as:
> >> Version ::= INTEGER { v1(0), v2(1), v3(2) }
> >>
> >> DEFAULT implies OPTIONAL, and if this field is absent, then it has to
> >> be considered a version 1 certificate.
> >>
> >> I saved your certificate (a VeriSign one, it seems) to a file, and
> >> checked its signature:
> >> openssl verify -CAfile rootv1.pem rootv1.pem
> >> which replied "Ok".
> >> Do you have a better example of a "bad" certificate?
> >>
> >> --
> >> Erwann ABALEA <[EMAIL PROTECTED]>
> >> -----
> >> I can't be stupid, I completed third grade!
> >> ______________________________________________________________________
> >> OpenSSL Project http://www.openssl.org
> >> User Support Mailing List openssl-users@openssl.org
> >> Automated List Manager [EMAIL PROTECTED]
> >
> >
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
>
