<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt>Also note that the official ASN.1 declaration for <br>
AlgorithmIdentifier (from X.509 (2012), section 7.2) marks <br>
the parameters field as OPTIONAL, so parsers really should <br>
accept its absence.</tt><tt><br>
<br>
However, if broken parsers are common (this thread <br>
only found one such parser), maybe it would be <br>
good practice to include the NULL value for compatibility.<br>
<br>
</tt><tt></tt><tt>AlgorithmIdentifier{ALGORITHM:SupportedAlgorithms}
::= SEQUENCE {</tt><tt><br>
</tt><tt> algorithm ALGORITHM.&id({SupportedAlgorithms}),</tt><tt><br>
</tt><tt> parameters
ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL,</tt><tt><br>
</tt><tt>... }</tt><tt><br>
</tt><tt><br>
</tt>
<div class="moz-cite-prefix"><tt>On 2021-01-28 20:07, Thulasi
Goriparthi wrote:</tt><tt><br>
</tt></div>
<blockquote type="cite"
cite="mid:CAB7O4Gzqxo7mx7nQDtKf8SRE-OgMYM5FEjBj=T1=rCep06i11A@mail.gmail.com"><tt></tt>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr"><font face="monospace">I am trying to
provide a test certificate generated by
openssl-3.0.0-alpha10 to a third party certificate
parser/manager. This software expects
AlgorithmIdentifier to either have parameters or to
have null encoded (05 00) parameters which seems to be
missing in the certificate.</font>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">Certificate generated by
openssl-3.0.0-alpha10</font></div>
<div><font face="monospace"><br>
</font></div>
<div>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 0:d=0 hl=4 l=1030 cons:
SEQUENCE </font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 4:d=1 hl=4 l= 752 cons:
SEQUENCE </font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 8:d=2 hl=2 l= 3 cons:
cont [ 0 ] </font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 10:d=3 hl=2 l= 1 prim:
INTEGER :02</font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 13:d=2 hl=2 l= 1 prim:
INTEGER :01</font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><b><font
face="monospace"> 16:d=2 hl=2 l= 11 cons:
SEQUENCE </font></b></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><b><font
face="monospace"> 18:d=3 hl=2 l= 9 prim:
OBJECT :sha256WithRSAEncryption</font></b></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"><b> 29:d=2 hl=3 l= 143 cons:
</b>SEQUENCE </font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 32:d=3 hl=2 l= 11 cons:
SET </font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 34:d=4 hl=2 l= 9 cons:
SEQUENCE </font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 36:d=5 hl=2 l= 3 prim:
OBJECT :countryName</font></span></p>
</div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">Certificate generated by
openssl-1.1.1g</font></div>
<div><font face="monospace"><br>
</font></div>
<div>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 0:d=0 hl=4 l= 988 cons:
SEQUENCE </font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 4:d=1 hl=4 l= 708 cons:
SEQUENCE </font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 8:d=2 hl=2 l= 3 cons:
cont [ 0 ] </font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 10:d=3 hl=2 l= 1 prim:
INTEGER :02</font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 13:d=2 hl=2 l= 1 prim:
INTEGER :01</font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><b><font
face="monospace"> 16:d=2 hl=2 l= 13 cons:
SEQUENCE </font></b></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><b><font
face="monospace"> 18:d=3 hl=2 l= 9 prim:
OBJECT :sha256WithRSAEncryption</font></b></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"><b> 29:d=3 hl=2 l= 0 prim:
NULL </b> </font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 31:d=2 hl=3 l= 143 cons:
SEQUENCE </font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 34:d=3 hl=2 l= 11 cons:
SET </font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 36:d=4 hl=2 l= 9 cons:
SEQUENCE </font></span></p>
<p
style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;color:rgb(0,0,0)"><span
style="font-variant-ligatures:no-common-ligatures"><font
face="monospace"> 38:d=5 hl=2 l= 3 prim:
OBJECT :countryName</font></span></p>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">From <a
href="https://tools.ietf.org/html/rfc5280#section-4.1.1.2"
moz-do-not-send="true">https://tools.ietf.org/html/rfc5280#section-4.1.1.2</a>,
it isn't clear if NULL parameters can be
completely omitted or if it should still have NULL
encoding.</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">Is this a too stringent
check in the third-party s/w or a miss in
openssl-3.0.0-alpha10?</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">Thanks,</font></div>
<div><font face="monospace">Thulasi.</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<pre class="moz-signature" cols="72">Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. <a class="moz-txt-link-freetext" href="https://www.wisemo.com">https://www.wisemo.com</a>
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded</pre>
</body>
</html>