i2d_X509_REQ() -> d2i_X509_REQ() = asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287

Viktor Dukhovni openssl-users at dukhovni.org
Thu Mar 21 20:06:31 UTC 2019

> On Mar 21, 2019, at 1:57 PM, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
>    1.  Return failure from i2d_ASN_OBJECT(), which then percolates
> 	up to failure to encode the containing structure.
>    2.  Emit a "harmless" default OID (such as 0.0), returning to
> 	the behaviour prior to 1.0.1i
>    3.  Emit the invalid empty OID (06 00) in the expectation that
> 	this would not be something that other decoders would have
> 	to support.  That is, it would only be used, as in this case,
> 	to serialize and deserialize objects *within* an application,
> 	and there would be no pressure on other implementations to
> 	follow suit.
> I am curious what other OpenSSL developers and users would like to
> see happen.  Any of the above?  Or something else?  The present
> behaviour seems wrong to me, because we're silently generating
> invalid structures with missing required fields (when encoding
> incompletely initialized structures).

I've opened https://github.com/openssl/openssl/issues/8553 to track
this issue.


More information about the openssl-users mailing list