x509 bug? unable to load certificate

2008-07-10 Thread Frank J. Iannarilli

Hi,


I tried using both the Win32 v0.9.8g and v0.9.8h (along with Shining 
Light's Visual C++ 2008 Redistributable install) binaries, to no avail.


Here's the problem:

  openssl x509 -inform DER -in smime.p7s -text


unable to load certificate
1036:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1294:
1036:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:380:Type=X509_CINF
1036:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:749:Field=cert_info, Type=X509


This failure occurs for all 3 .p7s (detached signature) files I've tried, 2 
issued by the US Government, and 1 by Verisign.


On the other hand, the following works for all 3 files:
 openssl pkcs7 -print_certs -inform DER -in smime.p7s -text

A bug in x509 or something else?  Any workarounds?  My intent is to use 
x509 to reformat one of the certs/pkcs7, so that an email program can 
better ingest it.


Regards,



Frank J. Iannarilli   [EMAIL PROTECTED]
Aerodyne Research, Inc., 45 Manning Road, Billerica, MA 01821 USA
www.aerodyne.com/cosr/cosr.html
__
OpenSSL Project http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]
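
The "wrong tag" error with Type=X509_CINF in the post above is what a DER parser reports when it expects a certificate's inner SEQUENCE and meets something else; a PKCS#7 file starts with a content-type OID at that position. The following is an added example, not part of the original post and not OpenSSL code: it reads the first nested DER element to tell the two formats apart. The function names and the sample byte strings are constructed for illustration.

```python
# Added example: tell a PKCS#7 SignedData blob from an X.509 certificate
# by looking at the first element inside the outer DER SEQUENCE.
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2

def read_tlv(buf, pos=0):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled here")
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return tag, pos, pos + length

def classify(der):
    """Guess which openssl subcommand matches this DER input."""
    tag, start, end = read_tlv(der)
    if tag != 0x30:
        return "not a SEQUENCE"
    inner, istart, iend = read_tlv(der[:end], start)
    if inner == 0x30:                     # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE ...
        return "x509"
    if inner == 0x06:                     # ContentInfo ::= SEQUENCE { contentType OID ...
        return "pkcs7" if der[istart:iend] == SIGNED_DATA_OID else "pkcs7-other"
    return "unknown"

def tlv(tag, value=b""):
    """Encode a short constructed sample element (value under 128 bytes)."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

# Constructed skeletons, not real certificates or signatures.
SAMPLE_P7S = tlv(0x30, tlv(0x06, SIGNED_DATA_OID) + tlv(0xA0, tlv(0x30)))
SAMPLE_CERT = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02"))) + tlv(0x30) + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    print(classify(SAMPLE_P7S), classify(SAMPLE_CERT))
```
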


Website correction request: only subscribers can post to openssl-users

2008-07-10 Thread Frank J. Iannarilli

Hi,

On the following page:
 http://www.openssl.org/support/
it declares that anybody can post to the openssl-users.

But evidently (from my experience), that's not true; only subscribers can. 
Unfortunately, browsing the website doesn't unambiguously indicate whom I 
should notify about this.  So this post is the next best thing, I hope.


HTHs,


Frank J. Iannarilli   [EMAIL PROTECTED]
Aerodyne Research, Inc., 45 Manning Road, Billerica, MA 01821 USA
www.aerodyne.com/cosr/cosr.html


Regenerating a p7s file?

2008-07-10 Thread Frank J. Iannarilli

Hi,


Thanks to Thomas Hruska, responding to my previous post, for straightening 
out my newbie understanding.  Let me try to reframe my how-to question.


I have an S/MIME signed_signature .p7s file that contains certificates.
From using:


 openssl pkcs7 -print_certs -inform DER -in smime.p7s -text

I can see that there are *two* certificates pertaining to the signer (CN: 
common name entity), each with a different serial number.  I want to 
regenerate this .p7s file, omitting one of the two certificates. Or more 
generally, to modify one of the certificate entries, e.g. to add the 
Subject Alternative Name field.


I've programmed ASM, C, C++, .dlls, so generally know my way around code, 
but have no experience with crypto infrastructure.  I'd appreciate anyone's 
suggestion for the appropriate sequence of openssl incantations to achieve 
my objective.


Thanks,
Frank


Frank J. Iannarilli   [EMAIL PROTECTED]
Aerodyne Research, Inc., 45 Manning Road, Billerica, MA 01821 USA
www.aerodyne.com/cosr/cosr.html