Un-signed CSRs

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Un-signed CSRs

Ellie Daw
Has anyone had success parsing un-signed CSRs? Based on some research and the errors I’m seeing while trying to get my code working, it seems like the d2i_X509_REQ_bio (and more directly the asn1_parse) API choke on un-signed CSRs… this is the error dump:

OSSL error: 140021221574400:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287:
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algorithm, Type=X509_ALGOR
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algor, Type=X509_PUBKEY
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=pubkey, Type=X509_REQ_INFO
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=req_info, Type=X509_REQ
asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287
asn1 encoding routines: ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algorithm, Type=X509_ALGOR
asn1 encoding routines: ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algor, Type=X509_PUBKEY
asn1 encoding routines: ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=pubkey, Type=X509_REQ_INFO
asn1 encoding routines: ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=req_info, Type=X509_REQ



When I paste the same data into a DER encoded file and use ‘openssl req…’ to verify the CSR, I’m getting almost the same error:
asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287:
140736720540680:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:699:Field=algorithm, Type=X509_ALGOR
140736720540680:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:699:Field=algor, Type=X509_PUBKEY
140736720540680:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:699:Field=pubkey, Type=X509_REQ_INFO
140736720540680:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:699:Field=req_info, Type=X509_REQ
140736720540680:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:

asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287
asn1 encoding routines: ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algorithm, Type=X509_ALGOR
asn1 encoding routines: ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algor, Type=X509_PUBKEY
asn1 encoding routines: ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=pubkey, Type=X509_REQ_INFO
asn1 encoding routines: ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=req_info, Type=X509_REQ
PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83


Thanks!
Ellie
OSSL error: 140021221574400:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287:
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algorithm, Type=X509_ALGOR
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algor, Type=X509_PUBKEY
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=pubkey, Type=X509_REQ_INFO
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=req_info, Type=X509_REQ
OSSL error: 140021221574400:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287:
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algorithm, Type=X509_ALGOR
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algor, Type=X509_PUBKEY
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=pubkey, Type=X509_REQ_INFO
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=req_info, Type=X509_REQ
OSSL error: 140021221574400:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287:
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algorithm, Type=X509_ALGOR
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algor, Type=X509_PUBKEY
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=pubkey, Type=X509_REQ_INFO
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=req_info, Type=X509_REQ
OSSL error: 140021221574400:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287:
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algorithm, Type=X509_ALGOR
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algor, Type=X509_PUBKEY
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=pubkey, Type=X509_REQ_INFO
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=req_info, Type=X509_REQOSSL error: 140021221574400:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287:
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algorithm, Type=X509_ALGOR
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algor, Type=X509_PUBKEY
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=pubkey, Type=X509_REQ_INFO
140021221574400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=req_info, Type=X509_REQ
OSSL error: 140021196396288:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287:
140021196396288:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algorithm, Type=X509_ALGOR
140021196396288:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=algor, Type=X509_PUBKEY
140021196396288:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=pubkey, Type=X509_REQ_INFO
140021196396288:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=req_info, Type=X509_REQ

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Un-signed CSRs

OpenSSL - User mailing list

 

Ø  Has anyone had success parsing un-signed CSRs?

 

By its definition a CSR is signed.  So this will not work.

 
 

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Un-signed CSRs

Ellie Daw
Right, I’m just trying to fill it out in steps and wanted to check to be sure I wasn’t missing a trick with the API before I implement any “workaround”.

Thanks for your response!

On Sep 21, 2017, at 11:26 AM, Salz, Rich via openssl-users <[hidden email]> wrote:

 
Ø  Has anyone had success parsing un-signed CSRs?
 
By its definition a CSR is signed.  So this will not work.
 
 
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users