Stefan Kotes wrote: > > All, > The ASN.1 DER encoding rules for "SET OF" collection say that the values of > the occurrences in this collection should be lexicographically ordered. I > have noticed that i2d_X509_NAME function omits this sorting for the > RelativeDistinguishedName member of the X509-NAME. BTW, I saw the same > behavior in other libraries (for example getEncoded method of > X509Certificate class in Java 2 SDK), but could not find an explanation for > this exception. > Can somebody explain this exception from asn.1 encoding rules ?
I think this will only be OpenSSL 0.9.6X and before, the new ASN1 code should handle this properly. Its a bug. However multiple members in SET OF for RDNs are very rare: I've only come across a couple of examples in the field. They can't be produced with the commmand line tools but can be by use of the API. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]