Rich, your reply is wrong, but your answer is OK. Serial Numbers are not at all unsigned, since the type of serial numbers is INTEGER in ASN.1, which are signed.
RFC 5280 requires that serial numbers MUST be positive, negative serial numbers do not conform with RFC (see 4.1.2.2). The serialNumber as a Name attribute is also not an unsigned integer, but a Printable String in ASN.1. Regards, Ann. P.S. It is only zero that is really unsigned ;-) Am 01.09.2014 23:21, schrieb Rich Salz via RT: > This is not wrong. Serial numbers are unsigned, and the leading zero byte is to > avoid confusing the high-bit with a sign bit. > -- > Rich Salz, OpenSSL dev team; rs...@openssl.org > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
