[openssl-users] Certificate format question?

Hubert Kario hkario at redhat.com
Tue Sep 25 17:15:47 UTC 2018

On Tuesday, 25 September 2018 00:55:16 CEST Viktor Dukhovni wrote:
> > On Sep 24, 2018, at 6:25 PM, Scott Neugroschl <scott_n at xypro.com> wrote:
> > 
> > I tried googling, but couldn’t find an answer to this…
> > 
> > I came across a certificate that had some text garbage before the ----
> > BEGIN CERTIFICATE ---- line.
> > 
> > I know that the cert is defined as the data between the delimiters.  Do
> > the specs say anything about data before the BEGIN delimiter?  Would a
> > certificate with such data be valid?  I know OpenSSL accepts such a cert,
> > but is this an extension, or is it explicitly permitted by the
> > standards/specifications?
> https://tools.ietf.org/html/rfc7468#section-2

then it looks like the parser used in asn1parse -inform pem is non-


Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180925/36e5af73/attachment-0001.sig>

More information about the openssl-users mailing list