On Fri, Feb 27, 2009, Christian Weber wrote: > > The problem arises when it comes to parsing a dateOfBirth attribute, since is > of ASN1 > type GENERALIZEDTIME. All other are (more or less) strings. > > In OpenSSL GeneralName of Type GEN_DIRNAME is mapped to X509_NAME (see > x509v3.h) > which only may hold string values, but no date value. > > So parsing an AC which contains such an item, it results in parsing failure: > === > ... > 2008:error:0D07808C:asn1 encoding routines:ASN1_ITEM_EX_D2I:mstring wrong tag: > X:\openssl\openssl-0.9.8g\crypto\asn1\tasn_dec.c:228: > Type=ASN1_PRINTABLE > 2008:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested > asn1 error: > X:\openssl\openssl-0.9.8g\crypto\asn1\tasn_dec.c:749: > Field=value, Type=X509_NAME_ENTRY > 2008:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested > asn1 error: > X:\openssl\openssl-0.9.8g\crypto\asn1\tasn_dec.c:710: > 2008:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested > asn1 error: > X:\openssl\openssl-0.9.8g\crypto\asn1\tasn_dec.c:710: > 2008:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested > asn1 error: > X:\openssl\openssl-0.9.8g\crypto\asn1\tasn_dec.c:749: > 2008:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 > error: > X:\openssl\openssl-0.9.8g\crypto\asn1\tasn_dec.c:578: > 2008:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error: > X:\openssl\openssl-0.9.8g\crypto\asn1\tasn_dec.c:338: > Field=d.directoryName, Type=GENERAL_NAME > 2008:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested > asn1 error: > X:\openssl\openssl-0.9.8g\crypto\asn1\tasn_dec.c:749: > 2008:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error: > X:\openssl\openssl-0.9.8g\crypto\asn1\tasn_dec.c:338: > Field=value.thirdPerson, Type=X509_PROCURATION_SIGNINGFOR > 2008:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested > asn1 error: > X:\openssl\openssl-0.9.8g\crypto\asn1\tasn_dec.c:749: > 2008:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 > error: > X:\openssl\openssl-0.9.8g\crypto\asn1\tasn_dec.c:578: > Field=signingFor, Type=X509_PROCURATION > === > which is correct since GENERALIZEDTIME is not a string. In tasn_dec, line 227 > ASN1_tag2bit > returns 0x00008000 (B_ASN1_GENERALIZEDTIME) while it->utype is 0x00013d16 > (B_ASN1_PRINTABLE, I guess). > > How can I convince OpenSSL to accept dateOfBirth as allowable type in this > case? >
Well some non-string types are accepted already. All you need to do is OR B_ASN1_GENERALIZEDTIME to the B_ASN1_PRINTABLE type: see crypto/asn1/asn1.h Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
