Hi Andreas,

> L6 - generalNames:
> L7 - generalName:
> L8 - otherName:
> => 80 bytes @ 0xd78923
> 0: 06 03 55 04 0A A0 49 0C 47 67 65 6D 61 74 69 6B ..U...I.Ggematik
> 16: 20 47 65 73 65 6C 6C 73 63 68 61 66 74 20 66 C3 Gesellschaft f.
> 32: BC 72 20 54 65 6C 65 6D 61 74 69 6B 61 6E 77 65 .r Telematikanwe
> 48: 6E 64 75 6E 67 65 6E 20 64 65 72 20 47 65 73 75 ndungen der Gesu
> 64: 6E 64 68 65 69 74 73 6B 61 72 74 65 20 6D 62 48 ndheitskarte mbH
> L9 - type-id:
> 'O'
> L9 - value:
> => 73 bytes @ 0xd7892a
> 0: 0C 47 67 65 6D 61 74 69 6B 20 47 65 73 65 6C 6C .Ggematik Gesell
> 16: 73 63 68 61 66 74 20 66 C3 BC 72 20 54 65 6C 65 schaft f..r Tele
> 32: 6D 61 74 69 6B 61 6E 77 65 6E 64 75 6E 67 65 6E matikanwendungen
> 48: 20 64 65 72 20 47 65 73 75 6E 64 68 65 69 74 73 der Gesundheits
> 64: 6B 61 72 74 65 20 6D 62 48 karte mbH
>
> which is just being ignored.

It actually isn't. pki --print only successfully parses the certificate if the openssl plugin is loaded, otherwise it fails right after the output you posted above. The x509 plugin isn't happy about the unparsed generalName (while parse_otherName() returns TRUE, no id_type or encoding is returned, so parse_generalName() eventually returns NULL, which causes x509_parse_generalNames() to fail).

Regards,
Tobias
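The 80 bytes quoted above, decoded as an added example that is not part of the original message and is not strongSwan code: it reads the otherName contents as a type-id OID followed by a [0] EXPLICIT value (the RFC 5280 layout) and shows that the type-id is 2.5.4.10, the 'O' in the debug output, wrapping a UTF8String. The function names are hypothetical.

```python
# Bytes copied from the 80-byte otherName dump quoted in the message above.
OTHER_NAME = bytes.fromhex("""
    06 03 55 04 0A A0 49 0C 47 67 65 6D 61 74 69 6B
    20 47 65 73 65 6C 6C 73 63 68 61 66 74 20 66 C3
    BC 72 20 54 65 6C 65 6D 61 74 69 6B 61 6E 77 65
    6E 64 75 6E 67 65 6E 20 64 65 72 20 47 65 73 75
    6E 64 68 65 69 74 73 6B 61 72 74 65 20 6D 62 48
""")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER TLV; ValueError if malformed."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Dotted form of an OID body (first octet assumed to be a single byte)."""
    if not body:
        raise ValueError("empty OID")
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_other_name(content):
    """Return (type-id, inner tag, text or None) for otherName contents."""
    tag, oid, pos = read_tlv(content)
    if tag != 0x06:
        raise ValueError("type-id is not an OID")
    tag, wrapped, end = read_tlv(content, pos)
    if tag != 0xA0 or end != len(content):
        raise ValueError("expected exactly one [0] EXPLICIT value")
    inner_tag, inner, inner_end = read_tlv(wrapped)
    if inner_end != len(wrapped):
        raise ValueError("trailing data inside [0]")
    # Only UTF8String (0x0C) is decoded here; other value types stay opaque.
    return decode_oid(oid), inner_tag, inner.decode() if inner_tag == 0x0C else None

if __name__ == "__main__":
    print(parse_other_name(OTHER_NAME))
```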