Michael Saladin wrote:
Additional info:
I saw that there is a compiler directive CHARSET_EBCDIC, but this
directive is not used at all locations where something is read from a
certificate.
Is it true that all entries in a certificate are in ASCII?
Unicode, more likely.
If yes, one just had to add a couple of #ifdef CHARSET_EBCDIC to the
code, I suppose one candidate location would be the method
"X509_cmp_time" in "./crypto/x509/x509_vfy.c" which in my case returns
the error X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD when I receive the
certificate on the mainframe (originating from a Linux box).
Sounds right.
Regards
Michael
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael Saladin
Sent: Donnerstag, 26. Juli 2007 16:14
To: openssl-dev@openssl.org
Subject: Question about EBCDIC
Hi all,
I compiled openssl on a mainframe (mainframe emulation using Hercules
(MVS), in the USS (Unix System Services) subsystem), there IBM uses an
EBCDIC charset.
I receive a "Bad time value" when I want to check the peer certificate
(the peer certificate coming from a LINUX machine).
I think that the code in ./crypto/asn1/t_x509.c, in the method
ASN1_UTCTIME_print does not work with charsets where '0' and '9' have
other values as their ASCII values? E.g. the following code from the
method looks like this:
for (i=0; i<10; i++)
if ((v[i] > '9') || (v[i] < '0')) goto err;
which is translated on a machine with ISO-charset to this:
for (i=0; i<10; i++)
if ((v[i] > 0x39) || (v[i] < 0x30)) goto err;
but on a machine using EBCDIC (IBM-1047) charset, it is translated to
this:
for (i=0; i<10; i++)
if ((v[i] > 0xf9) || (v[i] < 0xf0)) goto err;
Shouldn't you use the numbers instead of the contants '0' and '9'? I'm
just now compiling the code using the values 0x39 and 0x30 ... and it
works insofar as the output is now correct, but I still get the error:
26.07.2007 16:13:30,139 [t3.comm.OpenSSLHelper] [ERROR] err: 13(format
error in certificate's notBefore field)
Therefore, I assume that the constants '0' and '9' are used in other
places as well?
Any help would be appreciated.
Michael
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
