x509 bug? unable to load certificate
Hi, I tried using both the Win32 v0.9.8g and v0.9.8h (along with Shining Light's Visual C++ 2008 Redistributable install) binaries, to no avail. Here's the problem: openssl x509 -inform DER -in smime.p7s -text unable to load certificate 1036:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1294: 1036:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:380:Type=X509_CINF 1036:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:749:Field=cert_inf o, Type=X509 This failure occurs for all 3 .p7s (detached signature) files I've tried, 2 issued by the US Government, and 1 by Verisign. On the other hand, the following works for all 3 files: openssl pkcs7 -print_certs -inform DER -in smime.p7s -text A bug in x509 or something else? Any workarounds? My intent is to use x509 to reformat one of the certs/pkcs7, so that an email program can better ingest it. Regards, Frank J. Iannarilli [EMAIL PROTECTED] Aerodyne Research, Inc., 45 Manning Road, Billerica, MA 01821 USA www.aerodyne.com/cosr/cosr.html __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Website correction request: only subscribers can post to openssl-users
Hi, On the following page: http://www.openssl.org/support/ it declares that anybody can post to the openssl-users. But evidently (from my experience), that's not true; only subscribers can. Unfortunately, browsing the website doesn't unambiguously indicate whom I should notify about this. So this post is the next best thing, I hope. HTHs, Frank J. Iannarilli [EMAIL PROTECTED] Aerodyne Research, Inc., 45 Manning Road, Billerica, MA 01821 USA www.aerodyne.com/cosr/cosr.html __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Regenerating a p7s file?
Hi, Thanks to Thomas Hruska, responding to my previous post, for straightening out my newbie understanding. Let me try to reframe my how-to question. I have an S/MIME signed_signature .p7s file, that contains certificates. From using: openssl pkcs7 -print_certs -inform DER -in smime.p7s -text I can see that there are *two* certificates pertaining to the signer (CN: common name entity), each with a different serial number. I want to regenerate this .p7s file, omitting one of the two certificates. Or more generally, to modify one of the certificate entries, e.g. to add the Subject Alternative Name field. I've programmed ASM, C, C++, .dlls, so generally know my way around code, but have no experience with crypto infrastructure. I'd appreciate anyone's suggestion for the appropriate sequence of openssl incantations to achieve my objective. Thanks, Frank Frank J. Iannarilli [EMAIL PROTECTED] Aerodyne Research, Inc., 45 Manning Road, Billerica, MA 01821 USA www.aerodyne.com/cosr/cosr.html __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
