Hi,
I don't know if I'm doing this correctly, but when I call X509_dup on an X509
object that has been recently created it returns NULL. For example:

    X509 *x1 = X509_new();
    X509 *x2 = X509_dup(x1);
    // x2 is null, indicating a duplication error

Now it will always return NULL unless I set the validity period first, i.e.:

    X509 *x1 = X509_new();
    X509_gmtime_adj(X509_get_notBefore(x1), 0);
    X509_gmtime_adj(X509_get_notAfter(x1), 0);
    X509 *x2 = X509_dup(x1);
    // x2 is not null

It also seems no matter what other fields I set on the X509 object it will
not duplicate unless the validity is set. This caused a minor problem in my
program, which I was able to avoid.
If I call ERR_print_errors_fp, I get the following errors:

    2548:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:.\crypto\asn1\asn1_lib.c:142:
    2548:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:.\crypto\asn1\tasn_dec.c:1281:
    2548:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:208:Type=ASN1_TIME
    2548:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:749:Field=notBefore, Type=X509_VAL
    2548:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:749:Field=validity, Type=X509_CINF
    2548:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:749:Field=cert_info, Type=X509

----- Sorry if wrapping is broken -----
I think it should be valid to duplicate an X509 without those fields being
necessarily set. So unless someone more familiar with the OpenSSL code can
offer a quick fix, then I would be happy to try and create a patch. Unless
of course this behaviour is by design.
Thank you
Andrew
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
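
Reading the error stack in the post above: the following is an added example, not part of the original message and not OpenSSL code, that rebuilds the path of the field that failed to decode from the Field=/Type= data in ERR_print_errors_fp output. The helper name asn1_error_path and the buffer limits are assumptions of this example; the sample log is the post's own output with the mail wrapping undone.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { MAX_DEPTH = 16, NAME_LEN = 64 };   /* limits assumed for this example */

/* The four entries from the post that carry Field=/Type= data, unwrapped. */
static const char SAMPLE_LOG[] =
    "2548:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\\crypto\\asn1\\tasn_dec.c:208:Type=ASN1_TIME\n"
    "2548:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\\crypto\\asn1\\tasn_dec.c:749:Field=notBefore, Type=X509_VAL\n"
    "2548:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\\crypto\\asn1\\tasn_dec.c:749:Field=validity, Type=X509_CINF\n"
    "2548:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\\crypto\\asn1\\tasn_dec.c:749:Field=cert_info, Type=X509\n";

/* Copy the identifier at s (letters, digits, '_') into dst (n >= 1 bytes). */
static void copy_ident(const char *s, char *dst, size_t n)
{
    while (n-- > 1 && (isalnum((unsigned char)*s) || *s == '_'))
        *dst++ = *s++;
    *dst = '\0';
}

/* Hypothetical helper: entries are printed innermost first, so the Field= names
 * are emitted in reverse. Returns the field count, or -1 (out unspecified). */
int asn1_error_path(const char *log, char *out, size_t outlen)
{
    char fields[MAX_DEPTH][NAME_LEN], root[NAME_LEN] = "?", leaf[NAME_LEN] = "?";
    const char *f = strstr(log, "Field="), *t = strstr(log, "Type=");
    size_t used;
    int n = 0, i;
    if (t != NULL && (f == NULL || t < f))      /* bare Type=: the failing item */
        copy_ident(t + 5, leaf, sizeof leaf);
    for (; f != NULL && n < MAX_DEPTH; f = strstr(f + 6, "Field=")) {
        copy_ident(f + 6, fields[n++], NAME_LEN);
        if ((t = strstr(f, "Type=")) != NULL)   /* enclosing structure */
            copy_ident(t + 5, root, sizeof root);
    }
    used = (size_t)snprintf(out, outlen, "%s", root);
    for (i = n - 1; i >= 0 && used < outlen; i--)
        used += (size_t)snprintf(out + used, outlen - used, ".%s", fields[i]);
    if (used < outlen)
        used += (size_t)snprintf(out + used, outlen - used, " (%s)", leaf);
    return (n > 0 && used < outlen) ? n : -1;
}

int main(void)
{
    char path[128];
    if (asn1_error_path(SAMPLE_LOG, path, sizeof path) > 0)
        puts(path);
}
```

On the post's output this yields X509.cert_info.validity.notBefore (ASN1_TIME), i.e. the decode failed on the notBefore time inside the certificate's validity structure.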