On 22-09-2011 17:34, Dr. Stephen Henson wrote:
...
> exptag 6
> ptag 16
> Error reading S/MIME message...
>
Well it is expecting an OID but is getting a SEQUENCE.
Looking at your ASN1 dump perhaps the OID otherRevInfoFormat isn't present?
> ...
> OtherRevocationInfoFormat ::= SEQUENCE {
> otherRevInfoFormat OBJECT IDENTIFIER,
> otherRevInfo ANY DEFINED BY otherRevInfoFormat }
>
> [1](1) //CRLS
> [1](1) //OtherRevocationInfoFormat
------------------------> Missing OID??
When I saw:
OtherRevocationInfoFormat ::= SEQUENCE {
otherRevInfoFormat OBJECT IDENTIFIER,
otherRevInfo ANY DEFINED BY otherRevInfoFormat }
I thought it was literally an ASN1Sequence.
Now OpenSSL is accepting the structure:
---
crls:
d.other:
otherRevInfoFormat: undefined (1.3.6.1.5.5.7.16.2)
otherRevInfo: SEQUENCE:
0:d=0 hl=4 l=1079 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: ENUMERATED :00
7:d=1 hl=4 l=1072 cons: cont [ 0 ]
11:d=2 hl=4 l=1068 cons: SEQUENCE
15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response
---
It dumps the contents without interpreting as an OCSP response, but
that's fine, as the proper interpretation depends on the client
application (Set-top boxes).
Thanks a lot!
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
