Re: DER coding CRLDistributions points

help-libtasn1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DER coding CRLDistributions points

From:	Simon Josefsson
Subject:	Re: DER coding CRLDistributions points
Date:	Thu, 10 Feb 2011 12:09:26 +0100
User-agent:	Gnus/5.110011 (No Gnus v0.11) Emacs/23.2 (gnu/linux)

Andy Newton <address@hidden> writes:

> As a follow up (I could not include this in the same email due mailing list 
> limitations), when I compare the output of my program with the output of 
> another certificate which does render properly in OpenSSL, I see a missing 
> sequence.

The difference is not a missing SEQUENCE, but a missing explicit [0]
tag, isn't it?  I can't provide any more help than this right now, but
maybe it will lead you in the right direction.  If you can distill your
problem into some self-contained code (ASN1 schema + C code + build
instructions) it would be easier to start debugging for us where the
problem is.

Also compare code in GnuTLS related to this:

http://git.savannah.gnu.org/cgit/gnutls.git/tree/lib/x509/extensions.c#n1111
http://git.savannah.gnu.org/cgit/gnutls.git/tree/lib/x509/extensions.c#n906

However it looks similar to your code.

/Simon

> Here is my extension as seen by dumpasn1:
>
> 534   53:         SEQUENCE {
>    <06 03>
> 536    3:           OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
>         :             (X.509 extension)
>    <04 2E>
> 541   46:           OCTET STRING, encapsulates {
>    <30 2C>
> 543   44:             SEQUENCE {
>    <30 2A>
> 545   42:               SEQUENCE {
>    <A0 28>
> 547   40:                 [0] {
>    <86 26>
> 549   38:                   [6] 'rsync://rpki.arin.net/we-put-crls-here'
>         :                   }
>         :                 }
>         :               }
>         :             }
>         :           }
>         :         }
>
> And here is the extension of the working cert as seen by dumpasn1:
>
> 923  128:         SEQUENCE {
>    <06 03>
> 926    3:           OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
>         :             (X.509 extension)
>    <04 79>
> 931  121:           OCTET STRING, encapsulates {
>    <30 77>
> 933  119:             SEQUENCE {
>    <30 75>
> 935  117:               SEQUENCE {
>    <A0 73>
> 937  115:                 [0] {
>    <A0 71>
> 939  113:                   [0] {
>    <86 6F>
> 941  111:                     [6]
>         :                   'rsync://llamaxp.arin.net:10873/certrepo/69/f58f3'
>         :                   '2-62a7-418e-9d4d-10a5cde21cf3/1/z7IkhiTQCJViMu58'
>         :                   'ltnGiAqTm98.crl'
>         :                     }
>         :                   }
>         :                 }
>         :               }
>         :             }
>         :           }
>
> It seems I'm missing an extra sequence, but I cannot determine where. Also, 
> if I am I don't know why libtasn1 is allowing me to code the DER without 
> complaint.
>
> Any help is appreciated.
>
> -andy

[Prev in Thread]

Current Thread

[Next in Thread]

DER coding CRLDistributions points, Andy Newton, 2011/02/09
- DER coding CRLDistributions points, Andy Newton, 2011/02/09
  - Re: DER coding CRLDistributions points, Andy Newton, 2011/02/09
    - Re: DER coding CRLDistributions points, Simon Josefsson <=
    - RE: DER coding CRLDistributions points, Andy Newton, 2011/02/10
    - Re: DER coding CRLDistributions points, Simon Josefsson, 2011/02/10

Prev by Date: Re: DER coding CRLDistributions points
Next by Date: RE: DER coding CRLDistributions points
Previous by thread: Re: DER coding CRLDistributions points
Next by thread: RE: DER coding CRLDistributions points
Index(es):
- Date
- Thread