On Mon, Mar 18, 2013 at 5:42 AM, Erwann Abalea
<[email protected]> wrote:
> That CSR is clearly invalid, because one of its objects isn't properly DER
> encoded.

This is precisely my point. All of the OpenSSL calls I make succeed
including PEM_write_X509_REQ. Either,

 - the call to PEM_write_X509_REQ should fail indicating that it can't
construct valid ASN.1 because the structure lacks a version
 - or the X509_REQ should encode a default version of 0 in the event
the user failed to specify.

As it stands, it is possible to sail through successful calls to the
OpenSSL API and end up with something invalid. This violates the
principle of least surprise.

   :{>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
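
Added example, not part of the original message and not OpenSSL code: a check for the failure discussed above. It parses the start of a DER-encoded PKCS #10 request and verifies that CertificationRequestInfo begins with INTEGER 0. The function and constant names are this example's own, and the three byte strings are constructed, truncated samples rather than OpenSSL output.

```c
#include <stddef.h>
#include <stdio.h>

enum { CSR_OK = 0, CSR_MALFORMED = -1, CSR_NO_VERSION = -2, CSR_BAD_VERSION = -3 };

/* Constructed, truncated samples (headers, version, empty subject only). */
static const unsigned char csr_good[]    = {0x30,0x07,0x30,0x05,0x02,0x01,0x00,0x30,0x00};
static const unsigned char csr_empty[]   = {0x30,0x06,0x30,0x04,0x02,0x00,0x30,0x00};
static const unsigned char csr_missing[] = {0x30,0x04,0x30,0x02,0x30,0x00};

/* Read one DER tag and length at *p; on success *p points at the contents. */
static int der_header(const unsigned char **p, const unsigned char *end,
                      unsigned char *tag, size_t *len)
{
    if (end - *p < 2) return -1;
    *tag = *(*p)++;
    *len = *(*p)++;
    if (*len & 0x80) {                               /* long form */
        size_t n = *len & 0x7f;
        if (n == 0 || n > sizeof(size_t) || (size_t)(end - *p) < n || **p == 0)
            return -1;                               /* indefinite, huge, short, padded */
        for (*len = 0; n > 0; n--) *len = (*len << 8) | *(*p)++;
        if (*len < 0x80) return -1;                  /* DER requires short form here */
    }
    return *len <= (size_t)(end - *p) ? 0 : -1;
}

/* Require INTEGER 0 as the first field of CertificationRequestInfo (RFC 2986). */
int csr_check_version(const unsigned char *der, size_t der_len)
{
    const unsigned char *p = der, *end = der + der_len;
    unsigned char tag; size_t len;
    if (der_header(&p, end, &tag, &len) || tag != 0x30) return CSR_MALFORMED;
    end = p + len;                                   /* CertificationRequest */
    if (der_header(&p, end, &tag, &len) || tag != 0x30) return CSR_MALFORMED;
    end = p + len;                                   /* CertificationRequestInfo */
    if (der_header(&p, end, &tag, &len)) return CSR_MALFORMED;
    if (tag != 0x02) return CSR_NO_VERSION;          /* no INTEGER where version goes */
    if (len != 1 || p[0] != 0x00) return CSR_BAD_VERSION; /* empty or not 0 */
    return CSR_OK;
}

int main(void)
{
    printf("good=%d empty=%d missing=%d\n",
           csr_check_version(csr_good, sizeof csr_good),
           csr_check_version(csr_empty, sizeof csr_empty),
           csr_check_version(csr_missing, sizeof csr_missing));
    return 0;
}
```

On the producing side, calling `X509_REQ_set_version(req, 0)` before signing supplies the field explicitly.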
