On Thu, Apr 10, 2008, Mohd Saleem wrote:
> Hi ,
>
> I have char buffer in base64 encoded format. The client should read the
> buffer, decode it and get the result in X509 structure, i am facing issues
> with this.
> I am getting an error, error:0D0680A8:asn1 encoding
> routines:ASN1_CHECK_TLEN:wrong tag.
> Could you help me in resolving this.
> Any help will be great. I have attached code for reference.
> Thanks in advance.
> Saleem
>
>
> // This is my base64 encoded certificate
> char *gacacert =
> "MIICLzCCAiswggGUoAMCAQICBgEYgSDT3DANBgkqhkiG9w0BAQUFADA0MRAwDgYD\n\
> VQQKEwdlbnRydXN0MQwwCgYDVQQLEwNlbmcxEjAQBgNVBAMTCWdhTG9jYWxDQTAe\n\
> Fw0wODAzMDUyMjQ3MzVaFw0yODAyMjkyMjQ3MzVaMDQxEDAOBgNVBAoTB2VudHJ1\n\
> c3QxDDAKBgNVBAsTA2VuZzESMBAGA1UEAxMJZ2FMb2NhbENBMIGfMA0GCSqGSIb3\n\
> DQEBAQUAA4GNADCBiQKBgQDW4ONrqPZ/Hc9Ft/vL1eD76XpbxhdmAezpjGK0aWa2\n\
> 2QCkDD6IpU3VxpW93+i8em2zgCV5fujbcJuNebk+Y24q3w8FVbba7BZGcaoatB99\n\
> vdZ0gp/t/DXq9KsdxdlE2W/mKBCvxkkMsEnm5kHeHZXByouqPvIXGBsJORCH2ahB\n\
> vwIDAQABo0gwRjASBgNVHRMBAf8ECDAGAQH/AgEAMBEGCWCGSAGG+EIBAQQEAwIA\n\
> JDAdBgNVHQ4EFgQUIZVCc+92iSwt3CD3P9TYIJB6pLQwDQYJKoZIhvcNAQEFBQAD\n\
> gYEAjZq3mZ/Q6F26BBd74Q5lJcABGTM4nB1mThaCJk//dLx6WhmWoXJoZD0//nYM\n\
> UDvISCc4KtMZoe5qkO/BKJs9IwsXQyZiPl5bAtcfN6OmSe+fmNPMUKD1ck8l7WLu\n\
> 7k6hlBwrIIi05KhiYLY5i4ZbVh0+DyjIkXbv2GJj+g0CrEE=";
>
> int SClient::loadCert(char *v_cert)
> {
> try
> {
> char errStr[512];
> int ierr = 0;
>
> SSLeay_add_ssl_algorithms();
> SSL_METHOD *pSSLMethod = SSLv3_client_method();
> SSL_load_error_strings();
> SSL_CTX *pSSL_Context = SSL_CTX_new (pSSLMethod);
>
> // Adding the header and footer
> char *charsToPrepend = "-----BEGIN CERTIFICATE-----\n";
> char *charsToAppend = "\n-----END CERTIFICATE-----";
> char memBuffer[2000];
> strcpy(memBuffer, charsToPrepend);
> strcat(memBuffer, v_cert);
> strcat(memBuffer, charsToAppend);
>
> BIO *membuf = BIO_new(BIO_s_mem());
> BIO_puts(membuf, memBuffer);
>
> // **** This is returning null.
> X509 *x509 = PEM_read_bio_X509(membuf, NULL, NULL, NULL);
> if (x509 == NULL)
> {
> ierr = ERR_get_error();
> ERR_error_string(ierr, errStr);
> // The error here is....
> // error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
> }
> }
> catch( ...)
> {
> //("Unexpected exception");
> return 0;
> }
>
> return 1;
> }
>
The actual data you have there is not a valid certificate. If you print the
complete error using ERR_print_errors_fp() for example it will complain about
the serialNumber field.
Analysing the result shows it is actually a SEQUENCE OF Certificate. So
whatever produced that data needs to output in the correct form.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
