[openssl-users] Read cer file failed

Dave Thompson dthompson at prinpay.com
Tue Jan 20 21:43:47 UTC 2015

> From: openssl-users On Behalf Of Jerry OELoo
> Sent: Tuesday, January 20, 2015 00:34

> I am reading cer file into X509 object,
> http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
> cert = d2i_X509_fp(fp, NULL);
> it will return fail, as below
> Error: error:0D07207B:asn1 encoding routines:ASN1_get_object:header too
> long

Worked for me, although I observe the server is labelling 
content-type: text/plain when 2585 (confirmed by 5280)
says application/pkix-cert .  (I resolved 
after CNAMEing through edgekey and akamaiedge, but 
another ISP I can look at got YMMV.)

I note this certificate contains a "control-Z" byte (hex 1A).
Are you possibly running on Windows with the Microsoft 
C runtime and opening the file in text mode? Windows C
treats 1A as terminating a text file, to be compatible with 
MS-DOS and before that CP/M. Windows C also tries to 
use MS-DOS line ending CRLF instead of LF in text files.
To read and write the exact bytes of a file in Windows C,
as is needed for DER objects, use binary mode. 

More information about the openssl-users mailing list