Hello,
I'm writing a SCEP server implementation, which in automatic mode
is expected to produce a certificate if the request
challengePassword is ok. As the SCEP server mostly handles
requests and certificates in DER format, the script that does the
signing first uses openssl req to convert the request from DER to
PEM, then openssl ca to create the certificate, and finally
openssl x509 to convert back from PEM to DER. The script works
beautifully when run manually, I use it to implement the manual
SCEP mode. But when I fork and exec it from the SCEP server
(which of course does a lot of openssl processing before it gets
that far), the openssl req always fails with an error message of
/usr/local/ssl/bin/openssl req -config /usr/local/lib/scep/openscep.cnf -in
/usr/local/lib/scep/pending/6F257C4A98C36B4F166E634EB571CF85 -inform DER -out
/var/tmp/request.25746
Using configuration from /usr/local/lib/scep/openscep.cnf
unable to load X509 request
25749:error:0D06B078:asn1 encoding routines:ASN1_get_object:header too
long:asn1_lib.c:139:
Starting the same command manually (by just copy-pasting the
command to a shell prompt) produces the expected result. What
causes openssl req to fail with a perfectly legal command that
works under most other circumstances?
I did some (so)trussing (on Solaris 8) and could not find
anything abnormal, as far as openssl req gets.
Mit herzlichem Gruss
Andreas Mueller
--
Dr. Andreas Mueller, Beratung und Entwicklung
Bubental 53, CH - 8852 Altendorf
Email: [EMAIL PROTECTED]
Voice: +41 55 4621483 Fax: +41 55 4621485
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
