re over a set of v1
> > TBS
> > data, a public key and a bundle of attributes. To verify the
> > certificate or extract the key, you don't need to know what the
> > attributes are, so you can still "use" the certificate in that
> > form.
> > Ho
gt;
> I think I should give TCG first crack at wanting to own the OID. The
> IETF ones are easy: once you codify it in an RFC, the oid registry auto
> extracts it.
Which OID registry are you talking about?
>>>> However, I'm not sure how expandable is ASN.1 using ve
are, so you can still "use" the certificate in that form.
However, you can't get the v1 tool to obey the v3 constraints on the
certificate because it doesn't understand them.
The ASN.1 description of a TPM key contains the actual binary
representation of the key plus a set of inf
s [4] EXPLICIT Extensions OPTIONAL
> > > }
> >
> > Actually, that's the utility of ASN.1, once you use tagging, you
> > don't have to do this. The structure above is identical to:
> >
> > TPMKey ::= SEQUENCE {
> > type
t in an RFC, the oid registry auto
extracts it.
> > > However, I'm not sure how expandable is ASN.1 using version
> > > fields (I've seen no structure being able to be re-used using a
> > > different version). An alternative approach would to allow for
> > > f
ersion be first?
I put OID first because that's what makes the structure self
describing. You simply need to look for the SEQUENCE OBJECT OID
prefix. We can easily register our own, of course as well. If version
goes first, you have a variable prefix.
> However, I'm not sure how e
On Fri, 2016-12-23 at 21:12 +0100, Richard Levitte wrote:
> In message <1482516363.2501.34.ca...@hansenpartnership.com> on Fri,
> 23 Dec 2016 10:06:03 -0800, James Bottomley <
> james.bottom...@hansenpartnership.com> said:
>
> James.Bottomley> The reason this comes about is because we already
> ha
In message <1482516363.2501.34.ca...@hansenpartnership.com> on Fri, 23 Dec 2016
10:06:03 -0800, James Bottomley said:
James.Bottomley> The reason this comes about is because we already have a
standard form
James.Bottomley> for TPM 1.2 keys here:
James.Bottomley>
James.Bottomley>
http://david.
The reason this comes about is because we already have a standard form
for TPM 1.2 keys here:
http://david.woodhou.se/draft-woodhouse-cert-best-practice.html#ident-tpm
However, since I'm working on TPM2 enabling for openssl and gnutls, I
need to come up with a new key format because TPM2 requires
On Thu, Sep 01, 2016 at 01:58:00PM -0700, Quanah Gibson-Mount wrote:
> >The issue only happens when proxying IMAP on port 143 with startTLS or
> >993 (IMAPS). It does not occur on POP w/ starttls or web traffic (443).
> >It also is only happening with this one particular client, as we have
> >num
--On Wednesday, August 24, 2016 5:47 PM -0700 Quanah Gibson-Mount
wrote:
this is clearly a TLS client-side stack trace. Why is nginx acting
as an SSL/TLS client?
It's a proxy server... so it's proxying between the client connecting to
nginx on the IMAPS port and the jetty server on the othe
--On Thursday, August 25, 2016 12:36 AM + Viktor Dukhovni
wrote:
On Wed, Aug 24, 2016 at 11:17:21PM +, Quanah Gibson-Mount via RT
wrote:
When a process (nginx in this case) has this as the server cert, it core
dumps with an abort() when clients request the cert:
You say the server
On Wed, Aug 24, 2016 at 11:17:21PM +, Quanah Gibson-Mount via RT wrote:
> When a process (nginx in this case) has this as the server cert, it core
> dumps with an abort() when clients request the cert:
You say the server dumps core, and yet:
> #1 0x7f22ba125ce8 in __GI_abort () at abor
A customer of ours has a server cert where the CSR was generated with
1.0.2h but was signed with 1.0.0j.
When a process (nginx in this case) has this as the server cert, it core
dumps with an abort() when clients request the cert:
[root@zre-ldap005 q]# gdb /opt/zimbra/common/sbin/nginx
core-ng
weird AFAICS the file names follow an ASN.1 compilers output !
On 7 May 2016 at 13:22, Salz, Rich wrote:
>
>> Where is the actual ASN.1 source ?
>>
>> All I can find is the doctored generated C code !
>
> That's hand-written, not generated.
>
> An ASN.1 comp
> Where is the actual ASN.1 source ?
>
> All I can find is the doctored generated C code !
That's hand-written, not generated.
An ASN.1 compiler, and ASN.1 source, is not used in OpenSSL.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hi,
Where is the actual ASN.1 source ?
All I can find is the doctored generated C code !
Many thanks in advance,
Aaron
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
GCM mode isn't currently supported in CMS, it was a bug that it attempted to
use it and produced incorrect results. Resolved now to return an error for GCM.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
When using 'openssl cms -encrypt -aes-256-gcm' the algorithm generated is
encoded as:
SEQUENCE(2 elem)
OBJECT IDENTIFIER2.16.840.1.101.3.4.1.46
OCTET STRING(12 byte)
But RFC 5084 (Using AES-CCM and AES-GCM Authenticated Encryption in the
Cryptographic Message Syntax (
On Dec 16, 2014, at 3:34 PM, Dave Thompson wrote:
>
>>> So, a few questions:
>>>
>>> (1) what's the quick way to, given a DSA *, compute a hash (given an
>> EVP_MD *) over dsa->pub_key as an ASN.1 primitive? I tried:
>>>
>>> AS
On Dec 16, 2014, at 4:14 PM, Dave Thompson wrote:
>> [DSAPublicKey] defined where you would expect, in dsa/dsa_asn1.c .
>> But it's defined as a "choice" that does either the standard INTEGER
>> (from internal BIGNUM) *OR* the above SEQUENCE which is named
>> 'dsa_pub_internal' suggesting that i
> [DSAPublicKey] defined where you would expect, in dsa/dsa_asn1.c .
> But it's defined as a "choice" that does either the standard INTEGER
> (from internal BIGNUM) *OR* the above SEQUENCE which is named
> 'dsa_pub_internal' suggesting that it should be internal to OpenSSL
> i.e. not interoperable
> From: openssl-dev On Behalf Of Douglas E Engert
> Sent: Tuesday, December 16, 2014 11:40
> On 12/16/2014 12:18 AM, Philip Prindeville wrote:
> > Is there an easy way to get at the parameter 'y' (DSA->pub_key, which is
a
> BIGNUM *) in ASN.1 format? (See (2) belo
On 12/16/2014 12:18 AM, Philip Prindeville wrote:
Is there an easy way to get at the parameter ‘y’ (DSA->pub_key, which is a
BIGNUM *) in ASN.1 format? (See (2) below…)
Better yet, how to take that and pass it to ASN_item_digest()?
Also, there’s some confusion (at least for me) about w
Is there an easy way to get at the parameter ‘y’ (DSA->pub_key, which is a
BIGNUM *) in ASN.1 format? (See (2) below…)
Better yet, how to take that and pass it to ASN_item_digest()?
Also, there’s some confusion (at least for me) about what constitutes
DSAPublicKey. According to RFC-5912
I've added support for leading zeroes in the ASN1 length octets which will also
address this bug. For now it's only in the master branch.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
_
On Sat Jun 28 05:53:36 2014, rsalz wrote:
> As discussed, the "failed" encoding is BER, not DER, and we only do
> DER. (And
> if you know what that means, and the difference between the two, you
> have my
> sympathies.)
Actually we *do* do BER in general for decoding and in a number of places
enco
As discussed, the "failed" encoding is BER, not DER, and we only do DER. (And
if you know what that means, and the difference between the two, you have my
sympathies.)
__
OpenSSL Project http://www.
As discussed, the "failed" encoding is BER, not DER, and we only do DER. (And
if you know what that means, and the difference between the two, you have my
sympathies.)
__
OpenSSL Project http://www.
Thanks a lot for fixing this!
//D.S.
On Sun, Jun 1, 2014 at 4:07 PM, Stephen Henson via RT wrote:
> FIxed now, thanks for the report.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>
__
FIxed now, thanks for the report.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.ope
For a time period of days I've been attempting to chase down why
MBSTRING_UTF8 got utf-8 encoded strings turned into T.61 when
generating a CSR with a library, but were utf8strings when using the
openssl command line tool.
Finally found it.
crypto/asn1/a_strnid.c has the default global_mask set
thing.
> I am at the point that I generated the Keys already and have an DH object,
> but I also used the EVP Api and can have access to a EVP_PKEY Object, that
> contains the parameters and y.
>
>
>
>
> --
> View this message in context:
> http://openssl.6102.n7.nabble.com
Hello,
It would be very great if my problem could be solved here.
In C I have to make a Diffie-Hellman Key Exchange and the problem is that
the corresponding Java Server expects a ASN.1 DER encoded
SubjectPublicKeyInfo, the same thing that Java creates with the getEncoded()
Method, described here
Am 5. März 2012 16:45 schrieb Martin Boßlet :
> I'm sorry, but I disagree - this is not a legal encoding, even not at the end
> of a constructed indefinite length encoding.
>
> The first 0x00 cannot belong to a multiple length encoding because section
> 8.1.3.5 of X.690 states that bit 8 would hav
> "84 00 00 00" (three zero octets) would be a valid encoding
> (context-specific tag 0,
> zero length followed by and END OF CONTENTS),
Sorry, this has to read context-specific tag 4 of course.
Best regards,
Martin Bosslet
__
Op
Am 5. März 2012 15:14 schrieb Stephen Henson via RT :
>> [steve - Fri Mar 02 03:57:59 2012]:
>>
>> > [to...@tutus.se - Thu Mar 01 15:44:36 2012]:
>> >
>> > Hi,
>> >
>> > In at least OpenSSL 0.9.8s and 1.0.1-beta1 there is a bug in
Le 05/03/2012 15:14, Stephen Henson via RT a écrit :
>> [steve - Fri Mar 02 03:57:59 2012]:
>>
>>> [to...@tutus.se - Thu Mar 01 15:44:36 2012]:
>>>
>>> Hi,
>>>
>>> In at least OpenSSL 0.9.8s and 1.0.1-beta1 there is a bug in the ASN.1
>&g
Le 05/03/2012 15:14, Stephen Henson via RT a écrit :
[steve - Fri Mar 02 03:57:59 2012]:
[to...@tutus.se - Thu Mar 01 15:44:36 2012]:
Hi,
In at least OpenSSL 0.9.8s and 1.0.1-beta1 there is a bug in the ASN.1
parser that if one has length data such as
84 00 00 00 00
at the end of a block
> [steve - Fri Mar 02 03:57:59 2012]:
>
> > [to...@tutus.se - Thu Mar 01 15:44:36 2012]:
> >
> > Hi,
> >
> > In at least OpenSSL 0.9.8s and 1.0.1-beta1 there is a bug in the ASN.1
> > parser that if one has length data such as
> >
> > 84 0
> [to...@tutus.se - Thu Mar 01 15:44:36 2012]:
>
> Hi,
>
> In at least OpenSSL 0.9.8s and 1.0.1-beta1 there is a bug in the ASN.1
> parser that if one has length data such as
>
> 84 00 00 00 00
>
> at the end of a block to be parsed, it will give "header too
Hi,
In at least OpenSSL 0.9.8s and 1.0.1-beta1 there is a bug in the ASN.1
parser that if one has length data such as
84 00 00 00 00
at the end of a block to be parsed, it will give "header too long" error
even though the ASN.1 is valid. This is because the supplied max value
to asn1_
In routine ASN1_GENERALIZEDTIME_print the line
/* Check for fractions of seconds. */
if (i >= 15 && v[14] == '.')
uses the variable i which no longer has the
value of tm->length but 12. Shouldn't the code
be:
/* Check for fractions of seconds. */
if (i >= tm->leng
> [EMAIL PROTECTED] - Mon Jun 02 10:49:53 2008]:
>
> I think I've spotted a problem generating PKCS#7 DER-encoded output
> using OpenSSL 0.9.8e
>
> crypto/pkcs7/pk7_asn1.c has an ASN.1 definition for PKCS7_SIGNED as:
>
> > ASN1_NDEF_SEQUENCE(PKCS7_SIG
I think I've spotted a problem generating PKCS#7 DER-encoded output
using OpenSSL 0.9.8e
crypto/pkcs7/pk7_asn1.c has an ASN.1 definition for PKCS7_SIGNED as:
> ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
> ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
> ASN1_SET_O
I think I've spotted a problem generating PKCS#7 DER-encoded output
using OpenSSL 0.9.8e
crypto/pkcs7/pk7_asn1.c has an ASN.1 definition for PKCS7_SIGNED as:
ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
ASN1_SET_OF(PKCS7_S
Hi,
this refers to OpenSSL 0.9.8g and SNAP-20080215.
After a lot of painful wondering why things do not work as I expected,
I found that if OpenSSL encodes an ASN1_BIT_STRING, the padding field
will be set to the number of the trailing zeroes of the last octet.
This is done by i2c_ASN1_BIT_STRING
On Sun, Sep 17, 2006, Jeffrey Altman wrote:
> I need to extend the OpenSSL ASN.1 support to include the PKINIT
> SubjectAltName extension and the Kerberized Certificate Authority extension.
>
> Is there any documentation or guidelines available to assist developers
> wis
I need to extend the OpenSSL ASN.1 support to include the PKINIT
SubjectAltName extension and the Kerberized Certificate Authority extension.
Is there any documentation or guidelines available to assist developers
wishing to add new extensions?
Thanks.
Jeffrey Altman
smime.p7s
Description
In message <[EMAIL PROTECTED]> on Tue, 28 Jun 2005 10:26:38 +0200, Nils Larsch
<[EMAIL PROTECTED]> said:
nlarsch> asn1parse doesn't support "txt" input just der or pem
The help says it does. I'll fix that.
Cheers,
Richard
-
Please consider sponsoring my work on free software.
See http://w
Thanks for answers, I'll try with a newer version of OpenSSL!
Aron
---
> I always get error message (ASN1_get_object:too long) when I want to
create
> a DER encoded file from TXT using command line in OpenSSL v0.9.7d.
I had the same problem but only on a view particular S/Mime files.
Please try
> I always get error message (ASN1_get_object:too long) when I want to create
> a DER encoded file from TXT using command line in OpenSSL v0.9.7d.
I had the same problem but only on a view particular S/Mime files.
Please try current OpenSSL-0.9.8-beta6. There was a BASE64 decoding
bug in previous
Szabó Áron wrote:
Hi all,
I always get error message (ASN1_get_object:too long) when I want to create
a DER encoded file from TXT using command line in OpenSSL v0.9.7d.
openssl asn1parse -inform TXT -in input.txt -out output.der
asn1parse doesn't support "txt" input just der or pem
Nils
Hi all,
I always get error message (ASN1_get_object:too long) when I want to create
a DER encoded file from TXT using command line in OpenSSL v0.9.7d.
openssl asn1parse -inform TXT -in input.txt -out output.der
I've also tried with a correct ASN.1 structure (decoded from a real
timestamp)
Jun Kazama wrote:
Dear,
Is there convert-tool which changes a ASN.1-text file into
a ASN.1-c(MACRO) file and a ASN.1-header(STRUCT) file in openssl-src ?
(ex. krb5.asn1 => [convert-tool] => krb5_asn.c & krb5_asn.h )
When there is the convert-tool, where is it ?
I would like to hea
Dear,
Is there convert-tool which changes a ASN.1-text file into
a ASN.1-c(MACRO) file and a ASN.1-header(STRUCT) file in openssl-src ?
(ex. krb5.asn1 => [convert-tool] => krb5_asn.c & krb5_asn.h )
When there is the convert-tool, where is it ?
I would like to hear from you.
Thanks
Goetz Babin-Ebell wrote:
Jostein Tveit wrote:
Goetz Babin-Ebell <[EMAIL PROTECTED]> writes:
is the NISCC test suite that found the ASN.1 bugs in OpenSSL
somewhere available ?
This was the answer I got when I contacted NISCC some days after the
ASN.1
bug was discovered:
: NISCC has a pol
Hello Jostein,
Jostein Tveit wrote:
Goetz Babin-Ebell <[EMAIL PROTECTED]> writes:
is the NISCC test suite that found the ASN.1 bugs in OpenSSL
somewhere available ?
This was the answer I got when I contacted NISCC some days after the ASN.1
bug was discovered:
: NISCC has a policy o
Goetz Babin-Ebell <[EMAIL PROTECTED]> writes:
> is the NISCC test suite that found the ASN.1 bugs in OpenSSL
> somewhere available ?
This was the answer I got when I contacted NISCC some days after the ASN.1
bug was discovered:
: NISCC has a policy of only releasing the test-suite t
Hallo folks,
is the NISCC test suite that found the ASN.1 bugs in OpenSSL
somewhere available ?
We want to include it in our internal test environment...
Bye
Goetz
--
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80
-BEGIN PGP SIGNED MESSAGE-
OpenSSL Security Advisory [4 November 2003]
Denial of Service in ASN.1 parsing
==
Previously, OpenSSL 0.9.6k was released on the 30 September 2003 to
address various ASN.1 issues. The issues were found using a test
suite from
-BEGIN PGP SIGNED MESSAGE-
OpenSSL Security Advisory [30 September 2003]
Vulnerabilities in ASN.1 parsing
NISCC (www.niscc.gov.uk) prepared a test suite to check the operation
of SSL/TLS software when presented with a wide range of malformed client
On Fri, Dec 06, 2002, Stefan Kotes wrote:
> Mr. Henson,
> I understand the reason for retaining this behavior, but there is one
> problem with this approach. The OpenSSL library also becomes generator of
> broken encoding, if these DEFAULT SEQUENCE components are populated with
> default values.
Title: RE: ASN.1 DER encoding of SEQUENCE components with DEFAULT values
Mr. Henson,
I understand the reason for retaining this behavior, but there is one problem with this approach. The OpenSSL library also becomes generator of broken encoding, if these DEFAULT SEQUENCE components are
On Fri, Dec 06, 2002, Stefan Kotes wrote:
> Openssl Team,
> I have one question regarding DER encoding of the SEQUENCE/SET components.
> According to the "A Layman's Guide to a Subset of ASN.1, BER, and DER"
> document, if the value of a SEQUENCE or SET component with
Title: ASN.1 DER encoding of SEQUENCE components with DEFAULT values
Openssl Team,
I have one question regarding DER encoding of the SEQUENCE/SET components.
According to the "A Layman's Guide to a Subset of ASN.1, BER, and DER" document, if the value of a SEQUENCE or SET
[[EMAIL PROTECTED] - Thu Apr 25 16:24:12 2002]:
>
> There is an input sanity check in asn1_lib.c that is #if'd out for
> some reason. In its absence, a corrupt certificate read by d2i_X509()
> can at least crash the process. Additionally, the sanity checks both
> there and in a_bytes.c do not t
Stefan Kotes wrote:
>
> All,
> The ASN.1 DER encoding rules for "SET OF" collection say that the values of
> the occurrences in this collection should be lexicographically ordered. I
> have noticed that i2d_X509_NAME function omits this sorting for the
> RelativeDis
All,
The ASN.1 DER encoding rules for "SET OF" collection say that the values of
the occurrences in this collection should be lexicographically ordered. I
have noticed that i2d_X509_NAME function omits this sorting for the
RelativeDistinguishedName member of the X509-NAME. BTW, I sa
[EMAIL PROTECTED] wrote:
>
> I'd like to make a question to the developers about the new ASN.1 code.
> For some projects in which we are involved, we added new structures using
> the old code.
> Now I looked briefly at the new code in the snapshots and I realized
&g
I'd like to make a question to the developers about the new ASN.1 code.
For some projects in which we are involved, we added new structures using
the old code.
Now I looked briefly at the new code in the snapshots and I realized
that many things are changing (with big improvements IMHO re
Hi Kevin,
Im not a developer but have a look at http://www.cryptix.org (ASN.1 Dev
Kit). Looks like it may do the trick. Im told the Netscape LDAP Java kit has
ASN.1 functionality too.
Cheers,
Andrew
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
Im looking for libraries to use with JAVA JDK 1.3 to extract and decode
the OID out of a digital certificate. If any one has any exp. in this or
any clue where to find these libraries I would really appreciate it.
--
Kevin Blanchard Operational Research Consultants, Inc.
[EMAIL PROTEC
S N Henson <[EMAIL PROTECTED]>
> Subject: Re: Object identifiers and ASN.1 syntax
> Date: Tue, 03 Oct 2000 21:31:40 +0100
> Message-ID: <[EMAIL PROTECTED]>
>
> drh> Richard Levitte - VMS Whacker wrote:
> drh> >
> drh> >
> drh> > I'm try
>BTW, are the ways of asking "standard", "iso" and "8571" about each
>other known? Or is that all part of the game?
you have to go to each registrar (arc owner) in turn.
the means of getting name/numbers can be very formal, or wildly
informal.
/r$
>If I'm understanding correctly, he's saying that "standard" is
>subordinate to "iso", so, effectively, you have to defined something
>like "iso/standard" or "iso.standard" in a flat namespace. That is,
>there could be a _different_ "standard" under, say, "ietf"
Exactly.
_
From: Dr S N Henson <[EMAIL PROTECTED]>
Subject: Re: Object identifiers and ASN.1 syntax
Date: Tue, 03 Oct 2000 21:31:40 +0100
Message-ID: <[EMAIL PROTECTED]>
drh> Richard Levitte - VMS Whacker wrote:
drh> >
drh> >
drh> > I'm trying to make a simple perl
From: Ben Laurie <[EMAIL PROTECTED]>
ben> BTW, are the ways of asking "standard", "iso" and "8571" about
ben> each other known? Or is that all part of the game?
If I understand correctly, it's "all part of the game"...
ben> Can we write a daemon that does this (I have this vision of one
ben> of
From: Ben Laurie <[EMAIL PROTECTED]>
ben> BTW, if I'm understanding correctly, what you write is:
ben>
ben> iso.standard OBJECT IDENTIFIER ::= { 0 }
ben>
ben> or something to that effect...
OK, that starts to make sense. Now to figure out the most efficient
way to parse a OID value..
Rich Salz wrote:
>
> > One can see definitions like this:
> >
> > { iso standard 8571 abstract-syntax (2) }
>
> The names aren't flat. To find out the number for "standard", you
> ask iso. To find out the number of abstract-syntax, you ask the entity
> that maintains "8571" (you might h
Ben Laurie wrote:
> > What I'm trying to figure out is how I will best get together all the
> > information from reading a number of ASN.1 modules. I'm wondering for
> > example how "standard" is defined. Is it something like this?
> >
> &
Richard Levitte - VMS Whacker wrote:
>
> From: Rich Salz <[EMAIL PROTECTED]>
> Subject: Re: Object identifiers and ASN.1 syntax
> Date: Tue, 03 Oct 2000 14:43:05 -0400
> Message-ID: <[EMAIL PROTECTED]>
>
> rsalz> > One can see definitions like this:
>
From: Rich Salz <[EMAIL PROTECTED]>
Subject: Re: Object identifiers and ASN.1 syntax
Date: Tue, 03 Oct 2000 14:43:05 -0400
Message-ID: <[EMAIL PROTECTED]>
rsalz> > One can see definitions like this:
rsalz> >
rsalz> > { iso standard 8571 abstract-syntax
Richard Levitte - VMS Whacker wrote:
>
>
> I'm trying to make a simple perl script that is capable of parsing
> through an ASN.1 module embedded in any document an extracting the
> OIDs from it. When I'm done with that, I'll extend it to be able to
> parse L
ht have to ask "standard" who that is).
I'm not used to seeing a space before the "(2)" but I I suppose it's
possible and/or legal. :)
> { id-pkix-ocsp 1 }
>
> where 'id-pkix-ocsp' is the OID of the OCSP arc.
Yup, that's definitely
I'm getting a little confused about some parts of OID definitions.
I've tried to understand what "ASN.1 Complete" has to say about it,
but I can't say it really cleared the confusion.
One can see definitions like this:
{ iso standard 8571 abstract-syntax (2) }
Please pardon my less known ,my english is very poor,but i
want to know is:
How can i use the ASN.1 function to do some
ordinary DER encoding or decoding action?
Sinerely
Thanks!
Salz, Rich wrote:
>
> The folks at the Distributed Systems Technology Center is building
> a PKI from the ground up. They've made similar modifications to
> SNACC. The primary difference is that VanDyke considers their version
> to be frozen ("it does what we need it to do") while DSTC might st
The folks at the Distributed Systems Technology Center is building
a PKI from the ground up. They've made similar modifications to
SNACC. The primary difference is that VanDyke considers their version
to be frozen ("it does what we need it to do") while DSTC might still
be doing some work on the
Relevant to previous ASN.1 compiler discussions?
Cheers,
Ben.
--
SECURE HOSTING AT THE BUNKER: http://www.thebunker.net/hosting.htm
http://www.apache-ssl.org/ben.html
Coming to ApacheCon Europe? http://ApacheCon.Com/
Tony,
The DER-enhanced SNACC ASN.1 freeware is freely available to
At ValiCert we have developed an ASN.1 parser and code generator. This tool
takes an ASN.1 module specification and generates the corresponding SSLeay C
code for it.
This might be of value to other SSLeay developers so we are making it
available for free download and use.
Please visit http
91 matches
Mail list logo
