[openssl-dev] [openssl.org #4650] BUG: parsing CRL with openssl
Mark Csaba via RT
rt at openssl.org
Wed Aug 17 17:27:06 UTC 2016
Hello,
I have a large CRL. It is 4503899 bytes long in DER format.
If I try to dump it with: openssl crl -inform DER -text -noout -in /tmp/user.crl I got an error:
unable to load CRL
139981611914920:error:0D09E09B:asn1 encoding routines:X509_NAME_EX_D2I:too long:x_name.c:203:
139981611914920:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:697:Field=issuer, Type=X509_CRL_INFO
139981611914920:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:697:Field=crl, Type=X509_CRL
I tried this with:
- OpenSSL 1.0.2h-fips
- OpenSSL 1.0.1t
- OpenSSL 1.0.1e-fips
Only OpenSSL 1.0.1e-fips ran without error and dumped the CRL.
Since one version ran smoothly I suppose the command is correct.
Is it really a bug in 1.0.2h or 1.0.2h needs different parameters?
Cheers
Csaba
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4650
Please log in as guest with password guest if prompted
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 6897 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160817/c600ebad/attachment.bin>
More information about the openssl-dev
mailing list