Thanks Jiajia for the update. It's quite unfortunate. I really wish MIT Kerberos could use our ASN1 things so it could give a specific error in such a case. As the Kerberos/PKINIT/CMS signed data is so huge and complex, how do we locate it? Maybe it can print verbose logs? Thanks.

Regards,
Kai

-----Original Message-----
From: Li, Jiajia [mailto:jiajia...@intel.com]
Sent: Tuesday, December 22, 2015 2:44 PM
To: kerby@directory.apache.org
Subject: RE: Fix up for encoding/decoding issues for newly added types and CMS/X509/PKINIT tests

Hi Kai,

I think there are still some encoding/decoding issues, because it can't pass the MIT Kerberos decoding process with the latest code.

The error: "cms_signeddata_verify: failed to decode message: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag"

Thanks
Jiajia

-----Original Message-----
From: Zheng, Kai [mailto:kai.zh...@intel.com]
Sent: Monday, December 21, 2015 10:05 AM
To: kerby@directory.apache.org
Subject: Fix up for encoding/decoding issues for newly added types and CMS/X509/PKINIT tests

Hi Jiajia & all,

Please check out the following commits and note that we have cleared the existing to-be-fixed or TODO encoding/decoding issues for the recently added CMS/X509/PKINIT types and tests. Please let me know if our encoding results won't pass the MIT Kerberos decoding process when testing PKINIT messages with MIT KDC. Thanks.

commit 6dca5950e7f8ded5e39a963b10f52779bc5b6756
Author: Kai Zheng <kai.zh...@intel.com>
Date:   Mon Dec 21 09:57:48 2015 +0800

    Fix existing encoding issues in CMS/X509/PKINIT tests, and Asn1Encodable encode may also throw IOException

commit 461b724408c45df378615b9201e78a082b8de959
Author: Kai Zheng <kai.zh...@intel.com>
Date:   Sun Dec 20 17:25:15 2015 +0800

    Blindly decoding Any when type info isnt available to assist encoding thereafter

commit 97cd36aa5648b5ebf88abae760271eb6eb8f0645
Author: Kai Zheng <kai.zh...@intel.com>
Date:   Sat Dec 19 20:37:04 2015 +0800

    Fixed decoding issues for newly added CMS types for envoloped contentinfo

Regards,
Kai
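
One way to narrow down a "wrong tag" failure like the one quoted in this thread is to walk two DER encodings of the same message and report the first position where their tags differ. The sketch below is an added example, not code from the thread or from Kerby; the function names are hypothetical and both byte strings are constructed samples shaped like a small ContentInfo.

```python
# Added example: find the first differing tag between two DER encodings.

def read_tlv(buf, pos, end):
    """Parse one DER TLV header at pos; return (tag, content_start, content_end)."""
    if pos + 2 > end:
        raise ValueError(f"truncated TLV header at offset {pos}")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form is not handled here")
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long-form length
        n = first & 0x7F
        if n == 0 or pos + n > end:
            raise ValueError("indefinite or truncated length, not valid DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError(f"content overruns its parent at offset {pos}")
    return tag, pos, pos + length

def tag_tree(buf, start=0, end=None, path=()):
    """Flatten DER into [(path, tag, length)], descending into constructed types."""
    end = len(buf) if end is None else end
    out, pos, index = [], start, 0
    while pos < end:
        tag, c_start, c_end = read_tlv(buf, pos, end)
        here = path + (index,)
        out.append((here, tag, c_end - c_start))
        if tag & 0x20:                     # constructed bit set: parse children
            out.extend(tag_tree(buf, c_start, c_end, here))
        pos, index = c_end, index + 1
    return out

def first_tag_diff(reference, candidate):
    """Return (path, reference_tag, candidate_tag) at the first mismatch, else None."""
    for r, c in zip(tag_tree(reference), tag_tree(candidate)):
        if r[:2] != c[:2]:
            return r[0], r[1], c[1]
    return None

# Constructed samples: SEQUENCE { OID signedData, [0] { SEQUENCE { INTEGER 3 } } }.
# The candidate encodes the inner SEQUENCE (0x30) as a SET (0x31).
REFERENCE = bytes.fromhex("3012" "06092a864886f70d010702" "a005" "3003020103")
CANDIDATE = bytes.fromhex("3012" "06092a864886f70d010702" "a005" "3103020103")

if __name__ == "__main__":
    print(first_tag_diff(REFERENCE, CANDIDATE))
```

The walker does not descend into primitive OCTET STRINGs that wrap further DER (such as CMS eContent); pass their content bytes to `tag_tree` separately.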