I have not had any success in my search for a known issue with malformed client certificates generated by openssl 1.0.0e for Windows. Before I invest too much time trying to debug the issue, I wanted to query whether others may have a clue on cause and resolution. See following description...
I downloaded/built/installed openssl 1.0.0e for Linux (per instructions in the tar INSTALL file) and for Windows 32 (per the instructions in the tar INSTALL.W32 file for Visual Studio). I then rebuilt a two versions of a client program (one for Linux and one for Windows 32) that were previously working correctly when using openssl 9.8e. The same client source code (written in C) is used for both the Linux and Windows 32 versions. Moreover, the same client source is used when building the openssl 9.8e and 1.0.0e versions with the exception of the openssl headers, which correspond to those provided in the tar for the respective openssl versions. The Linux client using openssl 1.0.0e generates the same certificate as the Linux client using openssl 9.8e. The Windows client using openssl 1.0.0e generates a different certificate, which the server (also using openssl 1.0.0e) does not recognize. Wireshark shows the client certificate from the windows client to be malformed, as does the following command: # openssl x509 -noout -in client.cert -text unable to load certificate 7808:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142: 7808:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1303: 7808:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:208:Type=ASN1_TIME 7808:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=notBefore, Type=X509_VAL 7808:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=validity, Type=X509_CINF 7808:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=cert_info, Type=X509 7808:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83: Does anyone have an idea of what went wrong with the Windows version? -- View this message in context: http://old.nabble.com/Malformed-Certificate-Created-for-Windows-but-Not-Linux-tp32983415p32983415.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
