Hi Sergey,

On Fri, Feb 06, 2009 at 10:48:32AM +0300, Sergey V. Koupreyenko wrote:
> I've found the reason why importing my certificates into the OpenXPKI fails 
> (see my previous message).

I'm glad you figured out the problem.

> The next certificate's PEM-file is produced by openssl utility and signed by 
> my self-signed certificate. It also contains the same hexdump but in addition 
> it is prepended by the text strings describing this certificate's field 
> values. This is standard for OpenSSL and any OpenSSL API X509 function 
> accepts such PEM-files. But OpenXPKI does not.

Hmmm, apparently we are decoding the PEM ourselves and then passing it
to OpenSSL's d2i_X509 function as DER, this is why this happens.

> Conclusion. I think it is not the right thing when OpenXPKI does not accept 
> certificates which are successfully produced and verified by the OpenSSL 
> suite. Please check the source code and fix it.

I tend to disagree. OpenXPKI is not meant to be OpenSSL-specific, and
I guess other non-OpenSSL software wouldn't accept that format either
(I haven't tried it, but I assume keytool, gsk6cmd, etc will bark on
it). I had a quick look for a function that would convert OpenSSL's
version of "PEM" to DER, but couldn't find one, so it looks like this
also might be quite difficult to implement. If you know or find an
easy solution to that, I'd consider implementing it, though.

Best regards,
  Alex
-- 
Dipl.-Math. Alexander Klink | IT-Security Engineer
        [email protected] | working @ urn:oid:1.3.6.1.4.1.11417

_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
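
Added example, not part of the mail above and not OpenXPKI's code: one way a hand-written PEM decoder can skip descriptive text placed before the BEGIN line and still hand clean DER to a parser such as d2i_X509. It is written in Python for illustration; the function names are hypothetical and the sample is a constructed five-byte DER stand-in, not a real certificate.

```python
import base64
import binascii
import re

# Matches one encapsulated certificate; text outside the markers is ignored.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n(.*?)\r?\n-----END CERTIFICATE-----",
    re.DOTALL,
)

def der_outer_length_ok(der: bytes) -> bool:
    """True if der is one SEQUENCE whose length field covers every byte."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def pem_certs_to_der(text: str) -> list[bytes]:
    """Return DER for each CERTIFICATE block, skipping surrounding text."""
    out = []
    for m in PEM_CERT.finditer(text):
        b64 = "".join(m.group(1).split())  # drop line breaks inside the block
        try:
            der = base64.b64decode(b64, validate=True)
        except binascii.Error as exc:
            raise ValueError("invalid base64 in PEM block") from exc
        if not der_outer_length_ok(der):
            raise ValueError("PEM block is not a single DER SEQUENCE")
        out.append(der)
    if not out:
        raise ValueError("no CERTIFICATE block found")
    return out

# Constructed sample: text header in the style described in the mail,
# followed by a tiny DER value (SEQUENCE { INTEGER 5 }) as a stand-in.
SAMPLE_DER = bytes.fromhex("3003020105")
SAMPLE_TEXT = (
    "Certificate:\n    Data:\n        Version: 3 (0x2)\n"
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE_DER).decode()
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print(pem_certs_to_der(SAMPLE_TEXT)[0].hex())
```

The strict base64 decode and the outer length check reject a block with junk or truncation inside the markers, so only the text outside them is tolerated.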