Rich, your reply is wrong, but your answer is OK. Serial Numbers are not at all unsigned, since the type of serial numbers is INTEGER in ASN.1, which are signed.
RFC 5280 requires that serial numbers MUST be positive, negative serial numbers do not conform with RFC (see 4.1.2.2). The serialNumber as a Name attribute is also not an unsigned integer, but a Printable String in ASN.1. Regards, Ann. P.S. It is only zero that is really unsigned ;-) Am 01.09.2014 23:21, schrieb Rich Salz via RT: > This is not wrong. Serial numbers are unsigned, and the leading zero byte is to > avoid confusing the high-bit with a sign bit. > -- > Rich Salz, OpenSSL dev team; [email protected] > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [email protected] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
