On Thu, Dec 15, 2011, harrije wrote: > > I have not had any success in my search for a known issue with malformed > client certificates generated by openssl 1.0.0e for Windows. Before I invest > too much time trying to debug the issue, I wanted to query whether others > may have a clue on cause and resolution. See following description... > > I downloaded/built/installed openssl 1.0.0e for Linux (per instructions in > the tar INSTALL file) and for Windows 32 (per the instructions in the tar > INSTALL.W32 file for Visual Studio). I then rebuilt a two versions of a > client program (one for Linux and one for Windows 32) that were previously > working correctly when using openssl 9.8e. The same client source code > (written in C) is used for both the Linux and Windows 32 versions. Moreover, > the same client source is used when building the openssl 9.8e and 1.0.0e > versions with the exception of the openssl headers, which correspond to > those provided in the tar for the respective openssl versions. > > The Linux client using openssl 1.0.0e generates the same certificate as the > Linux client using openssl 9.8e. The Windows client using openssl 1.0.0e > generates a different certificate, which the server (also using openssl > 1.0.0e) does not recognize. Wireshark shows the client certificate from the > windows client to be malformed, as does the following command: > > # openssl x509 -noout -in client.cert -text > unable to load certificate > 7808:error:0D07209B:asn1 encoding routines:ASN1_get_object:too > long:asn1_lib.c:142: > 7808:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object > header:tasn_dec.c:1303: > 7808:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 > error:tasn_dec.c:208:Type=ASN1_TIME > 7808:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested > asn1 error:tasn_dec.c:748:Field=notBefore, Type=X509_VAL > 7808:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested > asn1 error:tasn_dec.c:748:Field=validity, Type=X509_CINF > 7808:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested > asn1 error:tasn_dec.c:748:Field=cert_info, Type=X509 > 7808:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83: > > Does anyone have an idea of what went wrong with the Windows version? >
Pretty much impossible to answer without seeing either the malformed certificate or the code that created it. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
