Peter Sylvester wrote:
The reverse may not be true in real life. One way this comparison might bite you is when the issue issues certificate with encoding violating the DER requirements. For example, the ASN1_INTEGERs with octet encodings "02" and "00 02" contain the same value 2, but these encodings will in fact be different if you compare them with memcmp. The latter ("00 02") is incorrect encoding, violating DER.It violates even BER as far as I remember Since X.409 1984 the text says: The value of the integer shall be encoded in the fewest possible octets the first (most significant) 9 bits shall not all be ones or zeros.
X.409 is obsolete. However, X.690 is indeed says so, you are correct. -- Lev Walkin [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
