Le 22/09/2011 16:10, Dr. Stephen Henson a écrit :
On Thu, Sep 22, 2011, Erwann Abalea wrote:
[...]
In your examples, you set version to 3.
Based on your parsed example, it seems you correctly set the tag
([1]) for the "crls" element, but you didn't use the good encoding
for the "other" field (of type "OtherRevocationInfoFormat", as it
also must be tagged ([1]) and be identified by the correct OID
(1.3.6.1.5.5.7.16.2).
That agrees with my analysis. OpenSSL is choking on that field because it is
expecting a CRL.
Exactly. You seem to be fluent in OpenSSL ;)
Note that OpenSSL doesn't enfornce the version value in the
parser.
"Strict on emitting, relax on receiving"-motto.
But not relax enough to be able to recognize an OCSP token in a
CertificateList. Shame.
(just kidding, not cafeinated enough)
--
Erwann ABALEA
-----
Bien reçu message via groupes discussion, je te répond avec la touche "
répondre au groupe " en ayant sélectionné ton message. J'espère que tu le
recevra dans ta boîte de réception. Le café est en préparation.
-+- in Guide du Neuneu Usenet - Open up, open up -+-
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
