[openssl-users] Certificate format question?
Hubert Kario
hkario at redhat.com
Tue Sep 25 17:15:47 UTC 2018
On Tuesday, 25 September 2018 00:55:16 CEST Viktor Dukhovni wrote:
> > On Sep 24, 2018, at 6:25 PM, Scott Neugroschl <scott_n at xypro.com> wrote:
> >
> > I tried googling, but couldn’t find an answer to this…
> >
> > I came across a certificate that had some text garbage before the ----
> > BEGIN CERTIFICATE ---- line.
> >
> > I know that the cert is defined as the data between the delimiters. Do
> > the specs say anything about data before the BEGIN delimiter? Would a
> > certificate with such data be valid? I know OpenSSL accepts such a cert,
> > but is this an extension, or is it explicitly permitted by the
> > standards/specifications?
> https://tools.ietf.org/html/rfc7468#section-2
then it looks like the parser used in asn1parse -inform pem is non-
compliant...
https://github.com/openssl/openssl/issues/7317
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180925/36e5af73/attachment-0001.sig>
More information about the openssl-users
mailing list