[EXTERNAL] Re: Unusual certificates

Thu Jun 25 14:40:26 UTC 2020

The second certificate seems garbaged at the 4th RDN of the issuerName.
The Base64 edition might have added or deleted some characters.

Cordialement,
Erwann Abalea

Le 25/06/2020 16:00, « openssl-users au nom de Angus Robertson - Magenta Systems Ltd » <openssl-users-bounces at openssl.org au nom de angus at magsys.co.uk> a écrit :

    More information, the original certificates supplied by the end user
    had unwrapped base64 blocks, lines 2,500 long.  I wrapped them for
    email.  

    If I try the asn1parse command on the wrapped certificates, they now
    attempt to parse, the OK is fine, the bad one now gives an error
    message from asn1parse:

    Error in encoding
    20236:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
    long:crypto\asn1\asn1_lib.c:91:

    and error:09091064:PEM routines:PEM_read_bio_ex:bad base64 decode
    from PEM_read_bio_X509.  

    The RFC says 'Parsers MAY handle other line sizes' but it would be good
    if OpenSSL gave a 'PEM line too long' error rather than no error.  I'll
    change my library code to check for line ending in the base64 to give
    the user a polite message.  

    Now the only problem is what is asn1 decoding unhappy with?

    Angus