x509 bug? unable to load certificate

2008-07-10 Thread Frank J. Iannarilli

Hi,


I tried using both the Win32 v0.9.8g and v0.9.8h (along with Shining 
Light's Visual C++ 2008 Redistributable install) binaries, to no avail.


Here's the problem:

  openssl x509 -inform DER -in smime.p7s -text


unable to load certificate
1036:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1294:
1036:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:380:Type=X509_CINF
1036:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:749:Field=cert_info, Type=X509


This failure occurs for all 3 .p7s (detached signature) files I've tried, 2 
issued by the US Government, and 1 by Verisign.


On the other hand, the following works for all 3 files:
 openssl pkcs7 -print_certs -inform DER -in smime.p7s -text

A bug in x509 or something else?  Any workarounds?  My intent is to use 
x509 to reformat one of the certs/pkcs7, so that an email program can 
better ingest it.


Regards,



Frank J. Iannarilli   [EMAIL PROTECTED]
Aerodyne Research, Inc., 45 Manning Road, Billerica, MA 01821 USA
www.aerodyne.com/cosr/cosr.html
__
OpenSSL Project http://www.openssl.org
User Support Mailing List    openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: x509 bug? unable to load certificate

2008-07-10 Thread Thomas J. Hruska

Frank J. Iannarilli wrote:

> Hi,
>
> I tried using both the Win32 v0.9.8g and v0.9.8h (along with Shining
> Light's Visual C++ 2008 Redistributable install) binaries, to no avail.
>
> Here's the problem:
>
>   openssl x509 -inform DER -in smime.p7s -text
>
> unable to load certificate
> 1036:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1294:
> 1036:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:380:Type=X509_CINF
> 1036:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:749:Field=cert_info, Type=X509
>
> This failure occurs for all 3 .p7s (detached signature) files I've
> tried, 2 issued by the US Government, and 1 by Verisign.
>
> On the other hand, the following works for all 3 files:
>  openssl pkcs7 -print_certs -inform DER -in smime.p7s -text
>
> A bug in x509 or something else?  Any workarounds?  My intent is to use
> x509 to reformat one of the certs/pkcs7, so that an email program can
> better ingest it.
>
> Regards,
>
> Frank J. Iannarilli   [EMAIL PROTECTED]
> Aerodyne Research, Inc., 45 Manning Road, Billerica, MA 01821 USA
> www.aerodyne.com/cosr/cosr.html


Your problem appears to be that you are attempting to use PKCS#7 S/MIME 
signed _signatures_ as DER _certificates_.  Two very different file 
formats, which is what the ASN.1 routines are complaining about.  In 
other words, you are using OpenSSL incorrectly.  It has nothing to do 
with what version you have installed.  What the correct command line is, 
I have no idea - I don't fiddle with S/MIME.



Side note:  The VC++ 2008 Redistributable installer is _Microsoft_'s.  I 
don't see how you could mistake the name Microsoft for Shining Light 
Productions - it is plastered all over their website.  I merely provide 
a link to the _Microsoft_ website that has the download for the 
_Microsoft_ VC++ 2008 Redistributable installer for the sake of 
convenience (and to head off the deluge of complaints from clueless 
souls about OpenSSL not working).


Separating the VC++ redistributable from the main installer is beginning 
to look like a bad idea...  People apparently don't bother reading or 
understanding (or some combination of both).


--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL.
http://www.slproweb.com/
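
Added example, not part of the original thread: a small DER tag reader showing why the x509 decoder reports "wrong tag" at Field=cert_info when handed a .p7s. A certificate's first inner element is a SEQUENCE (tbsCertificate), while a PKCS#7 ContentInfo starts with an OBJECT IDENTIFIER. The function names and the two sample blobs are assumptions constructed for illustration, and the check is a heuristic on the first two tags only.

```python
# Added example: tell a PKCS#7 blob from an X.509 certificate by its first two DER tags.
SEQUENCE, OID, BIT_STRING, CTX0 = 0x30, 0x06, 0x03, 0xA0
# Content bytes of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData).
SIGNED_DATA = bytes.fromhex("2a864886f70d010702")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: low 7 bits = number of length bytes
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def classify(der):
    """Heuristic: name the openssl subcommand that matches the outer structure."""
    tag, body, _ = read_tlv(der)
    if tag != SEQUENCE:
        return "unknown"
    inner_tag, inner, _ = read_tlv(body)
    if inner_tag == SEQUENCE:             # Certificate starts with tbsCertificate
        return "x509"
    if inner_tag == OID:                  # ContentInfo starts with contentType
        return "pkcs7" if inner == SIGNED_DATA else "oid-first, not signedData"
    return "unknown"

def tlv(tag, value):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(value)
    if n < 0x80:
        head = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        head = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

# Constructed skeletons: correct outer tags, empty inner fields, not real credentials.
CERT_SHAPED = tlv(SEQUENCE, tlv(SEQUENCE, b"") + tlv(SEQUENCE, b"") + tlv(BIT_STRING, b"\x00"))
P7S_SHAPED = tlv(SEQUENCE, tlv(OID, SIGNED_DATA) + tlv(CTX0, tlv(SEQUENCE, b"")))
print(classify(CERT_SHAPED), classify(P7S_SHAPED))
```

On a real .p7s, `classify(open("smime.p7s", "rb").read())` should report `pkcs7`, which matches the `openssl pkcs7 -print_certs` command that worked in the original post.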

