At 10:20 16.04.2002 +0100, you wrote: >If I build openssl with CHARSET_EBCDIC not defined, it fails to recognise a >certificate, presumably because it fails to find the "-----BEGIN >CERTIFICATE-----" string. With CHARSET_EBCDIC defined, I get a Base64 >decode error, presumably because the encrypted data has been passed through >an ASCII/EBCDIC filter as well.
Reading certificates works for us (using BS2000). The only problem with ASCII-EBCDIC i encountered was with the X509_NAME_print_ex function: the parts of the output with stem from text strings in the code were converted too and came therefore out as garbage. I made changes to ./crypto/asn1/a_strex.c which solved almost the problem, but there are still some small parts of the output which are garbled. I don't know when i have time for looking further at this problem and making a complete patch for submitting to the mailing list (because i know almost nothing about ASN1 i'm not even sure whether my changes are made at the correct places). >Before I look any deeper, can you confirm that this is the case (that >CHARSET_EBCDIC just implements a crude ASCII/EBCDIC conversion filter), then >I can think about what strategy I need to employ to work around this. It >could be a lot more work than I had hoped ... unless I can get the compiler >to handle strings as ASCII, which is in theory possible. It could be that >this will more of a long-term project if that is the case. Besides the partial garbled output of Certificate Issuer and Subject names i didn't encounter EBCDIC correlated problems. Because Martin (the author of the CHARSET_EBCDIC patches) uses OpenSSL in conjunction with Apache he has made and tested the changes needed for a Web Server. Anything else may need changes at one place or another. Ciao, Richard -- Dr. Richard W. K�nning Fujitsu Siemens Computers GmbH ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
