[openssl-dev] [EXTERNAL] Re: PKCS12 safecontents bag type deviation from spec
Tomas Mraz
tmraz at redhat.com
Wed Jan 17 08:14:15 UTC 2018
On Tue, 2018-01-16 at 19:31 +0000, Sands, Daniel wrote:
> On Tue, 2018-01-16 at 14:50 +0000, Salz, Rich via openssl-dev wrote:
> > OpenSSL defines it as a SET OF and the spec says it’s a SEQUENCE
> > OF. Ouch! Will that cause interop problems if we change it? (I
> > don’t remember the DER encoding rules)
> >
> >
> >
>
> Well, a SEQUENCE uses tag 16 while a SET uses tag 17, according to a
> quick reference I found. So that could be an interoperability
> concern.
> But maybe this is the first actual use of nested safecontents, since
> this difference flew under the radar for so long :)
Would it be possible to allow for loading the safecontents bag with
both correct and incorrect tag? But we should always write the correct
one.
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
More information about the openssl-dev
mailing list