[openssl-dev] [openssl.org #4301] [BUG] OpenSSL 1.1.0-pre2 fails to parse x509 certificate in DER format
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Thu Feb 11 22:53:25 UTC 2016
Might I suggest that the right thing in this case would be to keep generation strict, but relax the rules on parsing? "Be conservative in what you send, and liberal with what you receive"?
Clearly the device manufacturer is at fault here, but the punished party is the user - probably not what we should want?
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
Original Message
From: Stephen Henson via RT
Sent: Thursday, February 11, 2016 17:27
To: bcristi at gmail.com
Reply To: rt at openssl.org
Cc: openssl-dev at openssl.org
Subject: [openssl-dev] [openssl.org #4301] [BUG] OpenSSL 1.1.0-pre2 fails to parse x509 certificate in DER format
On Thu Feb 11 21:38:18 2016, bcristi at gmail.com wrote:
> The EK certificate is generated and burned into the TPM during
> manufacturing. The extraction operation always returns the same certificate.
>
I meant do you have any other examples of this anomalous encoding or is it some
rare glitch in the serial number generation?
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4301
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4350 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160211/a66629f7/attachment-0001.bin>
More information about the openssl-dev
mailing list