i2d_X509_REQ() -> d2i_X509_REQ() = asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Mar 21 20:06:31 UTC 2019
> On Mar 21, 2019, at 1:57 PM, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
>
> 1. Return failure from i2d_ASN1_OBJECT(), which then percolates
> up to failure to encode the containing structure.
>
> 2. Emit a "harmless" default OID (such as 0.0), returning to
> the behaviour prior to 1.0.1i
>
> 3. Emit the invalid empty OID (06 00) in the expectation that
> this would not be something that other decoders would have
> to support. That is, it would only be used, as in this case,
> to serialize and deserialize objects *within* an application,
> and there would be no pressure on other implementations to
> follow suit.
>
> I am curious what other OpenSSL developers and users would like to
> see happen. Any of the above? Or something else? The present
> behaviour seems wrong to me, because we're silently generating
> invalid structures with missing required fields (when encoding
> incompletely initialized structures).
I've opened https://github.com/openssl/openssl/issues/8553 to track
this issue.
--
Viktor.
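
How a strict decoder treats the encodings named in options 2 and 3 of the quoted list, as an added example that is not part of the original message and is not OpenSSL's code: a minimal check of a DER OBJECT IDENTIFIER that rejects the empty form (06 00) and accepts 0.0 (06 01 00). The function name, result codes and sample bytes are constructed for illustration; only short-form lengths are handled.

```c
#include <stddef.h>
#include <stdio.h>

/* Result codes (hypothetical names for this example). */
enum { OID_OK, OID_BAD_TLV, OID_EMPTY, OID_BAD_SUBID };

/* Constructed sample encodings. */
static const unsigned char empty_oid[] = { 0x06, 0x00 };              /* option 3 */
static const unsigned char zero_zero[] = { 0x06, 0x01, 0x00 };        /* option 2: 0.0 */
static const unsigned char common_name[] = { 0x06, 0x03, 0x55, 0x04, 0x03 }; /* 2.5.4.3 */
static const unsigned char padded[] = { 0x06, 0x02, 0x80, 0x01 };     /* leading 0x80 */
static const unsigned char unterminated[] = { 0x06, 0x02, 0x55, 0x84 };

/* Check one complete DER OBJECT IDENTIFIER TLV held in p[0..n-1]. */
int check_der_oid(const unsigned char *p, size_t n)
{
    size_t i, len;

    /* Wrong tag, truncated, or long-form length (not handled here). */
    if (n < 2 || p[0] != 0x06 || (p[1] & 0x80) || (size_t)p[1] + 2 != n)
        return OID_BAD_TLV;
    len = p[1];
    if (len == 0)
        return OID_EMPTY;           /* no subidentifier at all: 06 00 */
    p += 2;
    if (p[len - 1] & 0x80)
        return OID_BAD_SUBID;       /* last subidentifier never terminates */
    for (i = 0; i < len; i++) {
        /* 0x80 at the start of a subidentifier is non-minimal padding. */
        if (p[i] == 0x80 && (i == 0 || !(p[i - 1] & 0x80)))
            return OID_BAD_SUBID;
    }
    return OID_OK;
}

int main(void)
{
    printf("06 00          -> %d\n", check_der_oid(empty_oid, sizeof empty_oid));
    printf("06 01 00       -> %d\n", check_der_oid(zero_zero, sizeof zero_zero));
    printf("06 03 55 04 03 -> %d\n", check_der_oid(common_name, sizeof common_name));
    printf("06 02 80 01    -> %d\n", check_der_oid(padded, sizeof padded));
    printf("06 02 55 84    -> %d\n", check_der_oid(unterminated, sizeof unterminated));
    return 0;
}
```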