[openssl-users] Openssl failed to decrypt certificate without \r\n

Benjamin Kaduk bkaduk at akamai.com
Mon Sep 18 12:23:43 UTC 2017


On 09/18/2017 12:59 AM, Viktor Dukhovni wrote:
>> On Sep 17, 2017, at 10:23 PM, Zhang, Lily (USD) <Lily.Zhang at dell.com> wrote:
>>
>> Would you help me take a look at this certificate issue?
>> In order to send out the files, I added ".txt" to the file names. Please remove it before testing.
>>
>> Leaf_no_rn.cer doesn't have \r\n in the BASE64 string, it can't be parsed by openssl.
>> Leaf_with_rn.cer is the same as Leaf_no_rn.cer, but it has \r\n in BASE64 string.
>> Both the attached two certificates can be parsed by Windows.
> This is expected, the OpenSSL PEM file reader does not support
> input lines with IIRC more than 64 bytes.  PEM files are not
> supposed to have longer lines.
>

The current code in master should not have a particular limit on line
lengths for *certificates* -- in test/recipes/04-test_pem_data we have
files with 1025 characters on a line, and only use a 256-byte buffer
when reading.  The PEM format does specify a
64-(base64-)characters-per-line limit when the additional PEM
encryption/etc. features are used, but certificates do not use that
feature and do not have a line length restriction.  Perhaps Lily should
specify what version of OpenSSL is in use.

-Ben
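
An added example, not part of the original thread and not OpenSSL's own code: one way to re-wrap a PEM block whose base64 body sits on a single long line into 64-character lines, so that a PEM reader that rejects long lines (the behaviour discussed above) can parse it. The function name `rewrap_pem` and the sample data are constructed for illustration; the sample bytes are not a real certificate.

```python
import base64
import binascii
import re

# One PEM block: BEGIN line, body (optional headers + base64), matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL
)

def rewrap_pem(text, width=64):
    """Re-wrap the base64 body of every PEM block in `text` at `width` chars."""
    def fix(match):
        label = match.group(1)
        body = match.group(2).replace("\r", "")
        headers = ""
        # Encapsulated headers (Proc-Type, DEK-Info) contain ':' which base64
        # never does; they end at the first blank line and are kept verbatim.
        if ":" in body.split("\n", 1)[0]:
            headers, sep, body = body.partition("\n\n")
            if not sep:
                raise ValueError(f"{label}: headers not ended by a blank line")
            headers += "\n\n"
        b64 = "".join(body.split())  # drop all existing line breaks/whitespace
        try:
            der = base64.b64decode(b64, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"{label}: body is not valid base64") from exc
        if not der:
            raise ValueError(f"{label}: empty body")
        canon = base64.b64encode(der).decode("ascii")
        wrapped = "\n".join(
            canon[i:i + width] for i in range(0, len(canon), width)
        )
        return f"-----BEGIN {label}-----\n{headers}{wrapped}\n-----END {label}-----"
    return PEM_BLOCK.sub(fix, text)

# Constructed sample: 512 arbitrary bytes encoded on ONE line, CRLF delimiters.
SAMPLE_DER = bytes(range(256)) * 2
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\r\n"
    + base64.b64encode(SAMPLE_DER).decode("ascii")
    + "\r\n-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    print(rewrap_pem(SAMPLE_PEM))
```

The decoded bytes are unchanged by the re-wrap, so a certificate's signature still verifies; only the text layout of the file differs.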

