Hello. When Openssl parses X.509 certeficate (in my case it was DER-encoded, but I doubt that it is important), it expects 'PostalCode' in 'Subject' to be type of ASN1_PRINTABLE (aka PrintableString in terms of RFC3280). But actually PostalCode is allowed to be two types -- PrintableString and NumericString. So when it is given X.509 certificate with PostalCode as NumericString, openssl fails with log like {{{
unable to load certificate 3664:error:0D07808C:asn1 encoding routines:ASN1_ITEM_EX_D2I:mstring wrong tag:.\crypto\asn1\tasn_dec.c:228:Type=ASN1_PRINTABLE 3664:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:750:Field=value, Type=X509_NAME_ENTRY 3664:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:711: 3664:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:711: 3664:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:750:Field=subject, Type=X509_CINF 3664:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:750:Field=cert_info, Type=X509 }}} Tag for NumericString is 18 (0x12 in hex). Thank you. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org