AW: OpenVPNGui 2.4.7 fails: format error in certificate's notAfter field
hkario at redhat.com
Mon Mar 4 15:22:32 UTC 2019
On Monday, 4 March 2019 15:20:36 CET Jan Just Keijser wrote:
> Hi Matt,
> On 04/03/19 14:24, Matt Caswell wrote:
> > On 04/03/2019 13:16, Jan Just Keijser wrote:
> >> On 04/03/19 10:21, Wolfgang Knauf wrote:
> >>> Hi,
> >>> the output is this:
> >>> C:\Program Files\OpenVPN\bin>openssl.exe asn1parse -i -in
> >>> ..\config\SSL_HUG1 at l1139218.vt-security.de\l1139218.vt-security.de.user.
> >>> crt
> >>> Error: offset too large
> >>> Would it be OK if I send the crt file to only your mail adress? I don't
> >>> feel save by posting it to the mailing list ;-)?
> >> I ran into the "offset too large" problem myself with my own certs as
> >> well. It turns out the 'asn1parse' util only likes PEM blobs, i.e. the
> >> parts starting with --BEGIN CERTIFICATE--
> > asn1parse will expect PEM by default but is perfectly capable of
> > processing raw DER too. Just use the "-inform DER" option.
> 100% true but that is not what I was referring to; my certs usually look
> like this:
> Version: 3 (0x2)
> Serial Number: 5338 (0x14da)
> Signature Algorithm: sha256WithRSAEncryption
> -----BEGIN CERTIFICATE-----
> it's that part *before* the --BEGIN CERTIFICATE-- on which the
> asn1parse command chokes. You can feed it either a DER file or a PEM
> blob - but not a certificate file with the certificate info listed in it.
ah, yes, that's https://github.com/openssl/openssl/issues/7317
that should be possible to workaround with -strictpem option
Senior Quality Engineer, QE BaseOS Security team
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: This is a digitally signed message part.
More information about the openssl-users