Additional info: I saw that there is a compiler directive CHARSET_EBCDIC, but this directive is not used at all locations where something is read from a certificate.
Is it true that all entries in a certificate are in ASCII? If yes, one just had to add a couple of #ifdef CHARSET_EBCDIC to the code, I suppose one candidate location would be the method "X509_cmp_time" in "./crypto/x509/x509_vfy.c" which in my case returns the error X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD when I receive the certificate on the mainframe (originating from a Linux box). Regards Michael -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Saladin Sent: Donnerstag, 26. Juli 2007 16:14 To: [email protected] Subject: Question about EBCDIC Hi all, I compiled openssl on a mainframe (mainframe emulation using Hercules (MVS), in the USS (Unix System Services) subsystem), there IBM uses an EBCDIC charset. I receive a "Bad time value" when I want to check the peer certificate (the peer certificate coming from a LINUX machine). I think that the code in ./crypto/asn1/t_x509.c, in the method ASN1_UTCTIME_print does not work with charsets where '0' and '9' have other values as their ASCII values? E.g. the following code from the method looks like this: for (i=0; i<10; i++) if ((v[i] > '9') || (v[i] < '0')) goto err; which is translated on a machine with ISO-charset to this: for (i=0; i<10; i++) if ((v[i] > 0x39) || (v[i] < 0x30)) goto err; but on a machine using EBCDIC (IBM-1047) charset, it is translated to this: for (i=0; i<10; i++) if ((v[i] > 0xf9) || (v[i] < 0xf0)) goto err; Shouldn't you use the numbers instead of the contants '0' and '9'? I'm just now compiling the code using the values 0x39 and 0x30 ... and it works insofar as the output is now correct, but I still get the error: 26.07.2007 16:13:30,139 [t3.comm.OpenSSLHelper] [ERROR] err: 13(format error in certificate's notBefore field) Therefore, I assume that the constants '0' and '9' are used in other places as well? Any help would be appreciated. Michael ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
