On Tue, Oct 25, 2011, Nan Luo wrote: > Hi, I used to work with openssl-0.9.7, and all my certificates were > generated by openssl-0.9.8. Openssl-0.9.7 works great with openssl-0.9.8's > certificates, I never had issues in parsing, verification, ...... Recently > I upgraded my application with openssl-1.0.0, I found that none of old > openssl-0.9.8 certificates can be decoded properly. My application code > calls API d2i_X509() to convert a DER (or PEM) certificate to a X509 > structure, following is the error output: >
Could it be a problem with how you call d2i_X509? Do any certificates at all work? If the openssl x509 utility in OpenSSL 1.0.0 can handle them properly that does point to an application error as the x509 utility internally calls d2i_X509(). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
