Unexpected difference between version 10x and 11x

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Unexpected difference between version 10x and 11x

tincanteksup
Hi,

Certificate included here is only for testing.

I use EasyRSA to build my PKI -- This all works well.

So, now I have a client cert but, depending on which version of openssl
I use, I get different output in the Issuer line from the same cert.

The difference is:

openssl 101f:
Issuer: C=00, ST=home, L=tct, O=tct.org, OU=tct.v304.secp384r1.20180529,
CN=Easy-RSA CA/emailAddress=[hidden email]

openssl 110h
Issuer: C = 00, ST = home, L = tct, O = tct.org, OU =
tct.v304.secp384r1.20180529, CN = Easy-RSA CA, emailAddress = [hidden email]

Note the extra spaces which are inserted around '='
(cat of the original certificate does not show those spaces)

My question: Is this change intentional ?

I did not feel confident to report this as a bug without asking here first.

Thanks for your time and any help/advice you can offer.
tct



**********

Please find full details of output below:


$ cat tct.v304.secp384r1.c01.crt
Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
             48:07:85:ec:c8:78:e6:e3:ac:91:54:b3:91:07:83:d5
     Signature Algorithm: ecdsa-with-SHA256
         Issuer: C=00, ST=home, L=tct, O=tct.org,
OU=tct.v304.secp384r1.20180529, CN=Easy-RSA CA/emailAddress=[hidden email]
         Validity
             Not Before: May 29 14:01:00 2018 GMT
             Not After : May 28 14:01:00 2028 GMT
         Subject: C=00, ST=home, L=tct, O=tct.org,
OU=tct.v304.secp384r1.20180529,
CN=tct.v304.secp384r1.c01/emailAddress=[hidden email]
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (384 bit)
                 pub:
                     04:b2:d4:42:ab:b7:bd:ba:d6:52:b6:9a:ca:30:50:
                     48:34:5b:72:bf:77:60:c3:7b:4b:fb:18:0f:90:27:
                     a3:bf:f6:db:8b:47:be:04:1f:2a:10:b2:de:7f:6b:
                     f5:e3:5b:12:11:8e:08:85:7c:5b:e8:27:3c:07:fc:
                     2f:cf:96:50:65:96:60:38:4e:49:ed:d5:b4:23:8e:
                     7a:64:d8:29:af:e2:c8:4a:49:31:2f:fe:3b:50:99:
                     a1:7d:3b:30:bd:c4:d4
                 ASN1 OID: secp384r1
         X509v3 extensions:
             X509v3 Basic Constraints:
                 CA:FALSE
             X509v3 Subject Key Identifier:
                 08:C1:03:47:D4:8E:FD:47:80:6B:33:33:D9:53:97:AF:75:BB:72:20
             X509v3 Authority Key Identifier:
 
keyid:3D:05:4B:95:5E:EF:C9:CF:73:00:3B:84:25:F6:65:35:8F:57:A8:F7
 
DirName:/C=00/ST=home/L=tct/O=tct.org/OU=tct.v304.secp384r1.20180529/CN=Easy-RSA
CA/emailAddress=[hidden email]
                 serial:E7:DD:3B:6D:9E:E9:FD:58

             X509v3 Extended Key Usage:
                 TLS Web Client Authentication
             X509v3 Key Usage:
                 Digital Signature
     Signature Algorithm: ecdsa-with-SHA256
          30:64:02:30:4e:39:9a:4b:b0:f9:86:23:00:a1:82:76:8f:ed:
          e5:3f:20:af:a8:64:f1:b2:10:98:75:ab:64:31:38:a5:bf:a2:
          ca:be:18:54:12:b5:8c:1d:c9:91:8a:e6:09:c5:16:a3:02:30:
          5b:32:d4:7a:d0:2e:97:86:65:51:4f:60:16:51:71:bd:ca:7a:
          90:31:5c:0d:62:19:1e:86:29:0c:94:32:1f:33:ce:db:db:b9:
          1e:40:0b:55:17:f1:6c:9e:ff:d2:52:03
-----BEGIN CERTIFICATE-----
MIIDljCCAx2gAwIBAgIQSAeF7Mh45uOskVSzkQeD1TAKBggqhkjOPQQDAjCBlzEL
MAkGA1UEBhMCMDAxDTALBgNVBAgTBGhvbWUxDDAKBgNVBAcTA3RjdDEQMA4GA1UE
ChMHdGN0Lm9yZzEkMCIGA1UECxMbdGN0LnYzMDQuc2VjcDM4NHIxLjIwMTgwNTI5
MRQwEgYDVQQDEwtFYXN5LVJTQSBDQTEdMBsGCSqGSIb3DQEJARYObWVAZXhhbXBs
ZS5uZXQwHhcNMTgwNTI5MTQwMTAwWhcNMjgwNTI4MTQwMTAwWjCBojELMAkGA1UE
BhMCMDAxDTALBgNVBAgTBGhvbWUxDDAKBgNVBAcTA3RjdDEQMA4GA1UEChMHdGN0
Lm9yZzEkMCIGA1UECxMbdGN0LnYzMDQuc2VjcDM4NHIxLjIwMTgwNTI5MR8wHQYD
VQQDExZ0Y3QudjMwNC5zZWNwMzg0cjEuYzAxMR0wGwYJKoZIhvcNAQkBFg5tZUBl
eGFtcGxlLm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABLLUQqu3vbrWUraayjBQ
SDRbcr93YMN7S/sYD5Ano7/224tHvgQfKhCy3n9r9eNbEhGOCIV8W+gnPAf8L8+W
UGWWYDhOSe3VtCOOemTYKa/iyEpJMS/+O1CZoX07ML3E1KOCAR8wggEbMAkGA1Ud
EwQCMAAwHQYDVR0OBBYEFAjBA0fUjv1HgGszM9lTl691u3IgMIHMBgNVHSMEgcQw
gcGAFD0FS5Ve78nPcwA7hCX2ZTWPV6j3oYGdpIGaMIGXMQswCQYDVQQGEwIwMDEN
MAsGA1UECBMEaG9tZTEMMAoGA1UEBxMDdGN0MRAwDgYDVQQKEwd0Y3Qub3JnMSQw
IgYDVQQLExt0Y3QudjMwNC5zZWNwMzg0cjEuMjAxODA1MjkxFDASBgNVBAMTC0Vh
c3ktUlNBIENBMR0wGwYJKoZIhvcNAQkBFg5tZUBleGFtcGxlLm5ldIIJAOfdO22e
6f1YMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQD
AgNnADBkAjBOOZpLsPmGIwChgnaP7eU/IK+oZPGyEJh1q2QxOKW/osq+GFQStYwd
yZGK5gnFFqMCMFsy1HrQLpeGZVFPYBZRcb3KepAxXA1iGR6GKQyUMh8zztvbuR5A
C1UX8Wye/9JSAw==
-----END CERTIFICATE-----



**********

Now usiing openssl v101f I get

$ openssl x509 -in
/home/arby/sources/easyrsa/ersa304-1/pki/issued/tct.v304.secp384r1.c01.crt
-textCertificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
             48:07:85:ec:c8:78:e6:e3:ac:91:54:b3:91:07:83:d5
     Signature Algorithm: ecdsa-with-SHA256
         Issuer: C=00, ST=home, L=tct, O=tct.org,
OU=tct.v304.secp384r1.20180529, CN=Easy-RSA CA/emailAddress=[hidden email]
         Validity
             Not Before: May 29 14:01:00 2018 GMT
             Not After : May 28 14:01:00 2028 GMT
         Subject: C=00, ST=home, L=tct, O=tct.org,
OU=tct.v304.secp384r1.20180529,
CN=tct.v304.secp384r1.c01/emailAddress=[hidden email]
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (384 bit)
                 pub:
                     04:b2:d4:42:ab:b7:bd:ba:d6:52:b6:9a:ca:30:50:
                     48:34:5b:72:bf:77:60:c3:7b:4b:fb:18:0f:90:27:
                     a3:bf:f6:db:8b:47:be:04:1f:2a:10:b2:de:7f:6b:
                     f5:e3:5b:12:11:8e:08:85:7c:5b:e8:27:3c:07:fc:
                     2f:cf:96:50:65:96:60:38:4e:49:ed:d5:b4:23:8e:
                     7a:64:d8:29:af:e2:c8:4a:49:31:2f:fe:3b:50:99:
                     a1:7d:3b:30:bd:c4:d4
                 ASN1 OID: secp384r1
         X509v3 extensions:
             X509v3 Basic Constraints:
                 CA:FALSE
             X509v3 Subject Key Identifier:
                 08:C1:03:47:D4:8E:FD:47:80:6B:33:33:D9:53:97:AF:75:BB:72:20
             X509v3 Authority Key Identifier:
 
keyid:3D:05:4B:95:5E:EF:C9:CF:73:00:3B:84:25:F6:65:35:8F:57:A8:F7
 
DirName:/C=00/ST=home/L=tct/O=tct.org/OU=tct.v304.secp384r1.20180529/CN=Easy-RSA
CA/emailAddress=[hidden email]
                 serial:E7:DD:3B:6D:9E:E9:FD:58

             X509v3 Extended Key Usage:
                 TLS Web Client Authentication
             X509v3 Key Usage:
                 Digital Signature
     Signature Algorithm: ecdsa-with-SHA256
          30:64:02:30:4e:39:9a:4b:b0:f9:86:23:00:a1:82:76:8f:ed:
          e5:3f:20:af:a8:64:f1:b2:10:98:75:ab:64:31:38:a5:bf:a2:
          ca:be:18:54:12:b5:8c:1d:c9:91:8a:e6:09:c5:16:a3:02:30:
          5b:32:d4:7a:d0:2e:97:86:65:51:4f:60:16:51:71:bd:ca:7a:
          90:31:5c:0d:62:19:1e:86:29:0c:94:32:1f:33:ce:db:db:b9:
          1e:40:0b:55:17:f1:6c:9e:ff:d2:52:03
-----BEGIN CERTIFICATE-----
MIIDljCCAx2gAwIBAgIQSAeF7Mh45uOskVSzkQeD1TAKBggqhkjOPQQDAjCBlzEL
MAkGA1UEBhMCMDAxDTALBgNVBAgTBGhvbWUxDDAKBgNVBAcTA3RjdDEQMA4GA1UE
ChMHdGN0Lm9yZzEkMCIGA1UECxMbdGN0LnYzMDQuc2VjcDM4NHIxLjIwMTgwNTI5
MRQwEgYDVQQDEwtFYXN5LVJTQSBDQTEdMBsGCSqGSIb3DQEJARYObWVAZXhhbXBs
ZS5uZXQwHhcNMTgwNTI5MTQwMTAwWhcNMjgwNTI4MTQwMTAwWjCBojELMAkGA1UE
BhMCMDAxDTALBgNVBAgTBGhvbWUxDDAKBgNVBAcTA3RjdDEQMA4GA1UEChMHdGN0
Lm9yZzEkMCIGA1UECxMbdGN0LnYzMDQuc2VjcDM4NHIxLjIwMTgwNTI5MR8wHQYD
VQQDExZ0Y3QudjMwNC5zZWNwMzg0cjEuYzAxMR0wGwYJKoZIhvcNAQkBFg5tZUBl
eGFtcGxlLm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABLLUQqu3vbrWUraayjBQ
SDRbcr93YMN7S/sYD5Ano7/224tHvgQfKhCy3n9r9eNbEhGOCIV8W+gnPAf8L8+W
UGWWYDhOSe3VtCOOemTYKa/iyEpJMS/+O1CZoX07ML3E1KOCAR8wggEbMAkGA1Ud
EwQCMAAwHQYDVR0OBBYEFAjBA0fUjv1HgGszM9lTl691u3IgMIHMBgNVHSMEgcQw
gcGAFD0FS5Ve78nPcwA7hCX2ZTWPV6j3oYGdpIGaMIGXMQswCQYDVQQGEwIwMDEN
MAsGA1UECBMEaG9tZTEMMAoGA1UEBxMDdGN0MRAwDgYDVQQKEwd0Y3Qub3JnMSQw
IgYDVQQLExt0Y3QudjMwNC5zZWNwMzg0cjEuMjAxODA1MjkxFDASBgNVBAMTC0Vh
c3ktUlNBIENBMR0wGwYJKoZIhvcNAQkBFg5tZUBleGFtcGxlLm5ldIIJAOfdO22e
6f1YMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQD
AgNnADBkAjBOOZpLsPmGIwChgnaP7eU/IK+oZPGyEJh1q2QxOKW/osq+GFQStYwd
yZGK5gnFFqMCMFsy1HrQLpeGZVFPYBZRcb3KepAxXA1iGR6GKQyUMh8zztvbuR5A
C1UX8Wye/9JSAw==
-----END CERTIFICATE-----


**********

Now using openssl 110h

$ openssl x509 -in /root/tct.v304.secp384r1.c01.crt -text
Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
             48:07:85:ec:c8:78:e6:e3:ac:91:54:b3:91:07:83:d5
     Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = 00, ST = home, L = tct, O = tct.org, OU =
tct.v304.secp384r1.20180529, CN = Easy-RSA CA, emailAddress = [hidden email]
         Validity
             Not Before: May 29 14:01:00 2018 GMT
             Not After : May 28 14:01:00 2028 GMT
         Subject: C = 00, ST = home, L = tct, O = tct.org, OU =
tct.v304.secp384r1.20180529, CN = tct.v304.secp384r1.c01, emailAddress =
[hidden email]
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (384 bit)
                 pub:
                     04:b2:d4:42:ab:b7:bd:ba:d6:52:b6:9a:ca:30:50:
                     48:34:5b:72:bf:77:60:c3:7b:4b:fb:18:0f:90:27:
                     a3:bf:f6:db:8b:47:be:04:1f:2a:10:b2:de:7f:6b:
                     f5:e3:5b:12:11:8e:08:85:7c:5b:e8:27:3c:07:fc:
                     2f:cf:96:50:65:96:60:38:4e:49:ed:d5:b4:23:8e:
                     7a:64:d8:29:af:e2:c8:4a:49:31:2f:fe:3b:50:99:
                     a1:7d:3b:30:bd:c4:d4
                 ASN1 OID: secp384r1
                 NIST CURVE: P-384
         X509v3 extensions:
             X509v3 Basic Constraints:
                 CA:FALSE
             X509v3 Subject Key Identifier:
                 08:C1:03:47:D4:8E:FD:47:80:6B:33:33:D9:53:97:AF:75:BB:72:20
             X509v3 Authority Key Identifier:
 
keyid:3D:05:4B:95:5E:EF:C9:CF:73:00:3B:84:25:F6:65:35:8F:57:A8:F7
 
DirName:/C=00/ST=home/L=tct/O=tct.org/OU=tct.v304.secp384r1.20180529/CN=Easy-RSA
CA/emailAddress=[hidden email]
                 serial:E7:DD:3B:6D:9E:E9:FD:58

             X509v3 Extended Key Usage:
                 TLS Web Client Authentication
             X509v3 Key Usage:
                 Digital Signature
     Signature Algorithm: ecdsa-with-SHA256
          30:64:02:30:4e:39:9a:4b:b0:f9:86:23:00:a1:82:76:8f:ed:
          e5:3f:20:af:a8:64:f1:b2:10:98:75:ab:64:31:38:a5:bf:a2:
          ca:be:18:54:12:b5:8c:1d:c9:91:8a:e6:09:c5:16:a3:02:30:
          5b:32:d4:7a:d0:2e:97:86:65:51:4f:60:16:51:71:bd:ca:7a:
          90:31:5c:0d:62:19:1e:86:29:0c:94:32:1f:33:ce:db:db:b9:
          1e:40:0b:55:17:f1:6c:9e:ff:d2:52:03
-----BEGIN CERTIFICATE-----
MIIDljCCAx2gAwIBAgIQSAeF7Mh45uOskVSzkQeD1TAKBggqhkjOPQQDAjCBlzEL
MAkGA1UEBhMCMDAxDTALBgNVBAgTBGhvbWUxDDAKBgNVBAcTA3RjdDEQMA4GA1UE
ChMHdGN0Lm9yZzEkMCIGA1UECxMbdGN0LnYzMDQuc2VjcDM4NHIxLjIwMTgwNTI5
MRQwEgYDVQQDEwtFYXN5LVJTQSBDQTEdMBsGCSqGSIb3DQEJARYObWVAZXhhbXBs
ZS5uZXQwHhcNMTgwNTI5MTQwMTAwWhcNMjgwNTI4MTQwMTAwWjCBojELMAkGA1UE
BhMCMDAxDTALBgNVBAgTBGhvbWUxDDAKBgNVBAcTA3RjdDEQMA4GA1UEChMHdGN0
Lm9yZzEkMCIGA1UECxMbdGN0LnYzMDQuc2VjcDM4NHIxLjIwMTgwNTI5MR8wHQYD
VQQDExZ0Y3QudjMwNC5zZWNwMzg0cjEuYzAxMR0wGwYJKoZIhvcNAQkBFg5tZUBl
eGFtcGxlLm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABLLUQqu3vbrWUraayjBQ
SDRbcr93YMN7S/sYD5Ano7/224tHvgQfKhCy3n9r9eNbEhGOCIV8W+gnPAf8L8+W
UGWWYDhOSe3VtCOOemTYKa/iyEpJMS/+O1CZoX07ML3E1KOCAR8wggEbMAkGA1Ud
EwQCMAAwHQYDVR0OBBYEFAjBA0fUjv1HgGszM9lTl691u3IgMIHMBgNVHSMEgcQw
gcGAFD0FS5Ve78nPcwA7hCX2ZTWPV6j3oYGdpIGaMIGXMQswCQYDVQQGEwIwMDEN
MAsGA1UECBMEaG9tZTEMMAoGA1UEBxMDdGN0MRAwDgYDVQQKEwd0Y3Qub3JnMSQw
IgYDVQQLExt0Y3QudjMwNC5zZWNwMzg0cjEuMjAxODA1MjkxFDASBgNVBAMTC0Vh
c3ktUlNBIENBMR0wGwYJKoZIhvcNAQkBFg5tZUBleGFtcGxlLm5ldIIJAOfdO22e
6f1YMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQD
AgNnADBkAjBOOZpLsPmGIwChgnaP7eU/IK+oZPGyEJh1q2QxOKW/osq+GFQStYwd
yZGK5gnFFqMCMFsy1HrQLpeGZVFPYBZRcb3KepAxXA1iGR6GKQyUMh8zztvbuR5A
C1UX8Wye/9JSAw==
-----END CERTIFICATE-----


**********

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Unexpected difference between version 10x and 11x

tincanteksup
After some RTFM, I found space_ec .. which confirms that this change was
intentional.

Thanks


On 29/05/18 16:27, tincanteksup wrote:

> Hi,
>
> Certificate included here is only for testing.
>
> I use EasyRSA to build my PKI -- This all works well.
>
> So, now I have a client cert but, depending on which version of openssl
> I use, I get different output in the Issuer line from the same cert.
>
> The difference is:
>
> openssl 101f:
> Issuer: C=00, ST=home, L=tct, O=tct.org, OU=tct.v304.secp384r1.20180529,
> CN=Easy-RSA CA/emailAddress=[hidden email]
>
> openssl 110h
> Issuer: C = 00, ST = home, L = tct, O = tct.org, OU =
> tct.v304.secp384r1.20180529, CN = Easy-RSA CA, emailAddress =
> [hidden email]
>
> Note the extra spaces which are inserted around '='
> (cat of the original certificate does not show those spaces)
>
> My question: Is this change intentional ?
>
> I did not feel confident to report this as a bug without asking here first.
>
> Thanks for your time and any help/advice you can offer.
> tct
>
>
>
> **********
>
> Please find full details of output below:
>
>
> $ cat tct.v304.secp384r1.c01.crt
> Certificate:
>      Data:
>          Version: 3 (0x2)
>          Serial Number:
>              48:07:85:ec:c8:78:e6:e3:ac:91:54:b3:91:07:83:d5
>      Signature Algorithm: ecdsa-with-SHA256
>          Issuer: C=00, ST=home, L=tct, O=tct.org,
> OU=tct.v304.secp384r1.20180529, CN=Easy-RSA CA/emailAddress=[hidden email]
>          Validity
>              Not Before: May 29 14:01:00 2018 GMT
>              Not After : May 28 14:01:00 2028 GMT
>          Subject: C=00, ST=home, L=tct, O=tct.org,
> OU=tct.v304.secp384r1.20180529,
> CN=tct.v304.secp384r1.c01/emailAddress=[hidden email]
>          Subject Public Key Info:
>              Public Key Algorithm: id-ecPublicKey
>                  Public-Key: (384 bit)
>                  pub:
>                      04:b2:d4:42:ab:b7:bd:ba:d6:52:b6:9a:ca:30:50:
>                      48:34:5b:72:bf:77:60:c3:7b:4b:fb:18:0f:90:27:
>                      a3:bf:f6:db:8b:47:be:04:1f:2a:10:b2:de:7f:6b:
>                      f5:e3:5b:12:11:8e:08:85:7c:5b:e8:27:3c:07:fc:
>                      2f:cf:96:50:65:96:60:38:4e:49:ed:d5:b4:23:8e:
>                      7a:64:d8:29:af:e2:c8:4a:49:31:2f:fe:3b:50:99:
>                      a1:7d:3b:30:bd:c4:d4
>                  ASN1 OID: secp384r1
>          X509v3 extensions:
>              X509v3 Basic Constraints:
>                  CA:FALSE
>              X509v3 Subject Key Identifier:
>                  
> 08:C1:03:47:D4:8E:FD:47:80:6B:33:33:D9:53:97:AF:75:BB:72:20
>              X509v3 Authority Key Identifier:
>
> keyid:3D:05:4B:95:5E:EF:C9:CF:73:00:3B:84:25:F6:65:35:8F:57:A8:F7
>
> DirName:/C=00/ST=home/L=tct/O=tct.org/OU=tct.v304.secp384r1.20180529/CN=Easy-RSA
> CA/emailAddress=[hidden email]
>                  serial:E7:DD:3B:6D:9E:E9:FD:58
>
>              X509v3 Extended Key Usage:
>                  TLS Web Client Authentication
>              X509v3 Key Usage:
>                  Digital Signature
>      Signature Algorithm: ecdsa-with-SHA256
>           30:64:02:30:4e:39:9a:4b:b0:f9:86:23:00:a1:82:76:8f:ed:
>           e5:3f:20:af:a8:64:f1:b2:10:98:75:ab:64:31:38:a5:bf:a2:
>           ca:be:18:54:12:b5:8c:1d:c9:91:8a:e6:09:c5:16:a3:02:30:
>           5b:32:d4:7a:d0:2e:97:86:65:51:4f:60:16:51:71:bd:ca:7a:
>           90:31:5c:0d:62:19:1e:86:29:0c:94:32:1f:33:ce:db:db:b9:
>           1e:40:0b:55:17:f1:6c:9e:ff:d2:52:03
> -----BEGIN CERTIFICATE-----
> MIIDljCCAx2gAwIBAgIQSAeF7Mh45uOskVSzkQeD1TAKBggqhkjOPQQDAjCBlzEL
> MAkGA1UEBhMCMDAxDTALBgNVBAgTBGhvbWUxDDAKBgNVBAcTA3RjdDEQMA4GA1UE
> ChMHdGN0Lm9yZzEkMCIGA1UECxMbdGN0LnYzMDQuc2VjcDM4NHIxLjIwMTgwNTI5
> MRQwEgYDVQQDEwtFYXN5LVJTQSBDQTEdMBsGCSqGSIb3DQEJARYObWVAZXhhbXBs
> ZS5uZXQwHhcNMTgwNTI5MTQwMTAwWhcNMjgwNTI4MTQwMTAwWjCBojELMAkGA1UE
> BhMCMDAxDTALBgNVBAgTBGhvbWUxDDAKBgNVBAcTA3RjdDEQMA4GA1UEChMHdGN0
> Lm9yZzEkMCIGA1UECxMbdGN0LnYzMDQuc2VjcDM4NHIxLjIwMTgwNTI5MR8wHQYD
> VQQDExZ0Y3QudjMwNC5zZWNwMzg0cjEuYzAxMR0wGwYJKoZIhvcNAQkBFg5tZUBl
> eGFtcGxlLm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABLLUQqu3vbrWUraayjBQ
> SDRbcr93YMN7S/sYD5Ano7/224tHvgQfKhCy3n9r9eNbEhGOCIV8W+gnPAf8L8+W
> UGWWYDhOSe3VtCOOemTYKa/iyEpJMS/+O1CZoX07ML3E1KOCAR8wggEbMAkGA1Ud
> EwQCMAAwHQYDVR0OBBYEFAjBA0fUjv1HgGszM9lTl691u3IgMIHMBgNVHSMEgcQw
> gcGAFD0FS5Ve78nPcwA7hCX2ZTWPV6j3oYGdpIGaMIGXMQswCQYDVQQGEwIwMDEN
> MAsGA1UECBMEaG9tZTEMMAoGA1UEBxMDdGN0MRAwDgYDVQQKEwd0Y3Qub3JnMSQw
> IgYDVQQLExt0Y3QudjMwNC5zZWNwMzg0cjEuMjAxODA1MjkxFDASBgNVBAMTC0Vh
> c3ktUlNBIENBMR0wGwYJKoZIhvcNAQkBFg5tZUBleGFtcGxlLm5ldIIJAOfdO22e
> 6f1YMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQD
> AgNnADBkAjBOOZpLsPmGIwChgnaP7eU/IK+oZPGyEJh1q2QxOKW/osq+GFQStYwd
> yZGK5gnFFqMCMFsy1HrQLpeGZVFPYBZRcb3KepAxXA1iGR6GKQyUMh8zztvbuR5A
> C1UX8Wye/9JSAw==
> -----END CERTIFICATE-----
>
>
>
> **********
>
> Now usiing openssl v101f I get
>
> $ openssl x509 -in
> /home/arby/sources/easyrsa/ersa304-1/pki/issued/tct.v304.secp384r1.c01.crt
> -textCertificate:
>      Data:
>          Version: 3 (0x2)
>          Serial Number:
>              48:07:85:ec:c8:78:e6:e3:ac:91:54:b3:91:07:83:d5
>      Signature Algorithm: ecdsa-with-SHA256
>          Issuer: C=00, ST=home, L=tct, O=tct.org,
> OU=tct.v304.secp384r1.20180529, CN=Easy-RSA CA/emailAddress=[hidden email]
>          Validity
>              Not Before: May 29 14:01:00 2018 GMT
>              Not After : May 28 14:01:00 2028 GMT
>          Subject: C=00, ST=home, L=tct, O=tct.org,
> OU=tct.v304.secp384r1.20180529,
> CN=tct.v304.secp384r1.c01/emailAddress=[hidden email]
>          Subject Public Key Info:
>              Public Key Algorithm: id-ecPublicKey
>                  Public-Key: (384 bit)
>                  pub:
>                      04:b2:d4:42:ab:b7:bd:ba:d6:52:b6:9a:ca:30:50:
>                      48:34:5b:72:bf:77:60:c3:7b:4b:fb:18:0f:90:27:
>                      a3:bf:f6:db:8b:47:be:04:1f:2a:10:b2:de:7f:6b:
>                      f5:e3:5b:12:11:8e:08:85:7c:5b:e8:27:3c:07:fc:
>                      2f:cf:96:50:65:96:60:38:4e:49:ed:d5:b4:23:8e:
>                      7a:64:d8:29:af:e2:c8:4a:49:31:2f:fe:3b:50:99:
>                      a1:7d:3b:30:bd:c4:d4
>                  ASN1 OID: secp384r1
>          X509v3 extensions:
>              X509v3 Basic Constraints:
>                  CA:FALSE
>              X509v3 Subject Key Identifier:
>                  
> 08:C1:03:47:D4:8E:FD:47:80:6B:33:33:D9:53:97:AF:75:BB:72:20
>              X509v3 Authority Key Identifier:
>
> keyid:3D:05:4B:95:5E:EF:C9:CF:73:00:3B:84:25:F6:65:35:8F:57:A8:F7
>
> DirName:/C=00/ST=home/L=tct/O=tct.org/OU=tct.v304.secp384r1.20180529/CN=Easy-RSA
> CA/emailAddress=[hidden email]
>                  serial:E7:DD:3B:6D:9E:E9:FD:58
>
>              X509v3 Extended Key Usage:
>                  TLS Web Client Authentication
>              X509v3 Key Usage:
>                  Digital Signature
>      Signature Algorithm: ecdsa-with-SHA256
>           30:64:02:30:4e:39:9a:4b:b0:f9:86:23:00:a1:82:76:8f:ed:
>           e5:3f:20:af:a8:64:f1:b2:10:98:75:ab:64:31:38:a5:bf:a2:
>           ca:be:18:54:12:b5:8c:1d:c9:91:8a:e6:09:c5:16:a3:02:30:
>           5b:32:d4:7a:d0:2e:97:86:65:51:4f:60:16:51:71:bd:ca:7a:
>           90:31:5c:0d:62:19:1e:86:29:0c:94:32:1f:33:ce:db:db:b9:
>           1e:40:0b:55:17:f1:6c:9e:ff:d2:52:03
> -----BEGIN CERTIFICATE-----
> MIIDljCCAx2gAwIBAgIQSAeF7Mh45uOskVSzkQeD1TAKBggqhkjOPQQDAjCBlzEL
> MAkGA1UEBhMCMDAxDTALBgNVBAgTBGhvbWUxDDAKBgNVBAcTA3RjdDEQMA4GA1UE
> ChMHdGN0Lm9yZzEkMCIGA1UECxMbdGN0LnYzMDQuc2VjcDM4NHIxLjIwMTgwNTI5
> MRQwEgYDVQQDEwtFYXN5LVJTQSBDQTEdMBsGCSqGSIb3DQEJARYObWVAZXhhbXBs
> ZS5uZXQwHhcNMTgwNTI5MTQwMTAwWhcNMjgwNTI4MTQwMTAwWjCBojELMAkGA1UE
> BhMCMDAxDTALBgNVBAgTBGhvbWUxDDAKBgNVBAcTA3RjdDEQMA4GA1UEChMHdGN0
> Lm9yZzEkMCIGA1UECxMbdGN0LnYzMDQuc2VjcDM4NHIxLjIwMTgwNTI5MR8wHQYD
> VQQDExZ0Y3QudjMwNC5zZWNwMzg0cjEuYzAxMR0wGwYJKoZIhvcNAQkBFg5tZUBl
> eGFtcGxlLm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABLLUQqu3vbrWUraayjBQ
> SDRbcr93YMN7S/sYD5Ano7/224tHvgQfKhCy3n9r9eNbEhGOCIV8W+gnPAf8L8+W
> UGWWYDhOSe3VtCOOemTYKa/iyEpJMS/+O1CZoX07ML3E1KOCAR8wggEbMAkGA1Ud
> EwQCMAAwHQYDVR0OBBYEFAjBA0fUjv1HgGszM9lTl691u3IgMIHMBgNVHSMEgcQw
> gcGAFD0FS5Ve78nPcwA7hCX2ZTWPV6j3oYGdpIGaMIGXMQswCQYDVQQGEwIwMDEN
> MAsGA1UECBMEaG9tZTEMMAoGA1UEBxMDdGN0MRAwDgYDVQQKEwd0Y3Qub3JnMSQw
> IgYDVQQLExt0Y3QudjMwNC5zZWNwMzg0cjEuMjAxODA1MjkxFDASBgNVBAMTC0Vh
> c3ktUlNBIENBMR0wGwYJKoZIhvcNAQkBFg5tZUBleGFtcGxlLm5ldIIJAOfdO22e
> 6f1YMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQD
> AgNnADBkAjBOOZpLsPmGIwChgnaP7eU/IK+oZPGyEJh1q2QxOKW/osq+GFQStYwd
> yZGK5gnFFqMCMFsy1HrQLpeGZVFPYBZRcb3KepAxXA1iGR6GKQyUMh8zztvbuR5A
> C1UX8Wye/9JSAw==
> -----END CERTIFICATE-----
>
>
> **********
>
> Now using openssl 110h
>
> $ openssl x509 -in /root/tct.v304.secp384r1.c01.crt -text
> Certificate:
>      Data:
>          Version: 3 (0x2)
>          Serial Number:
>              48:07:85:ec:c8:78:e6:e3:ac:91:54:b3:91:07:83:d5
>      Signature Algorithm: ecdsa-with-SHA256
>          Issuer: C = 00, ST = home, L = tct, O = tct.org, OU =
> tct.v304.secp384r1.20180529, CN = Easy-RSA CA, emailAddress =
> [hidden email]
>          Validity
>              Not Before: May 29 14:01:00 2018 GMT
>              Not After : May 28 14:01:00 2028 GMT
>          Subject: C = 00, ST = home, L = tct, O = tct.org, OU =
> tct.v304.secp384r1.20180529, CN = tct.v304.secp384r1.c01, emailAddress =
> [hidden email]
>          Subject Public Key Info:
>              Public Key Algorithm: id-ecPublicKey
>                  Public-Key: (384 bit)
>                  pub:
>                      04:b2:d4:42:ab:b7:bd:ba:d6:52:b6:9a:ca:30:50:
>                      48:34:5b:72:bf:77:60:c3:7b:4b:fb:18:0f:90:27:
>                      a3:bf:f6:db:8b:47:be:04:1f:2a:10:b2:de:7f:6b:
>                      f5:e3:5b:12:11:8e:08:85:7c:5b:e8:27:3c:07:fc:
>                      2f:cf:96:50:65:96:60:38:4e:49:ed:d5:b4:23:8e:
>                      7a:64:d8:29:af:e2:c8:4a:49:31:2f:fe:3b:50:99:
>                      a1:7d:3b:30:bd:c4:d4
>                  ASN1 OID: secp384r1
>                  NIST CURVE: P-384
>          X509v3 extensions:
>              X509v3 Basic Constraints:
>                  CA:FALSE
>              X509v3 Subject Key Identifier:
>                  
> 08:C1:03:47:D4:8E:FD:47:80:6B:33:33:D9:53:97:AF:75:BB:72:20
>              X509v3 Authority Key Identifier:
>
> keyid:3D:05:4B:95:5E:EF:C9:CF:73:00:3B:84:25:F6:65:35:8F:57:A8:F7
>
> DirName:/C=00/ST=home/L=tct/O=tct.org/OU=tct.v304.secp384r1.20180529/CN=Easy-RSA
> CA/emailAddress=[hidden email]
>                  serial:E7:DD:3B:6D:9E:E9:FD:58
>
>              X509v3 Extended Key Usage:
>                  TLS Web Client Authentication
>              X509v3 Key Usage:
>                  Digital Signature
>      Signature Algorithm: ecdsa-with-SHA256
>           30:64:02:30:4e:39:9a:4b:b0:f9:86:23:00:a1:82:76:8f:ed:
>           e5:3f:20:af:a8:64:f1:b2:10:98:75:ab:64:31:38:a5:bf:a2:
>           ca:be:18:54:12:b5:8c:1d:c9:91:8a:e6:09:c5:16:a3:02:30:
>           5b:32:d4:7a:d0:2e:97:86:65:51:4f:60:16:51:71:bd:ca:7a:
>           90:31:5c:0d:62:19:1e:86:29:0c:94:32:1f:33:ce:db:db:b9:
>           1e:40:0b:55:17:f1:6c:9e:ff:d2:52:03
> -----BEGIN CERTIFICATE-----
> MIIDljCCAx2gAwIBAgIQSAeF7Mh45uOskVSzkQeD1TAKBggqhkjOPQQDAjCBlzEL
> MAkGA1UEBhMCMDAxDTALBgNVBAgTBGhvbWUxDDAKBgNVBAcTA3RjdDEQMA4GA1UE
> ChMHdGN0Lm9yZzEkMCIGA1UECxMbdGN0LnYzMDQuc2VjcDM4NHIxLjIwMTgwNTI5
> MRQwEgYDVQQDEwtFYXN5LVJTQSBDQTEdMBsGCSqGSIb3DQEJARYObWVAZXhhbXBs
> ZS5uZXQwHhcNMTgwNTI5MTQwMTAwWhcNMjgwNTI4MTQwMTAwWjCBojELMAkGA1UE
> BhMCMDAxDTALBgNVBAgTBGhvbWUxDDAKBgNVBAcTA3RjdDEQMA4GA1UEChMHdGN0
> Lm9yZzEkMCIGA1UECxMbdGN0LnYzMDQuc2VjcDM4NHIxLjIwMTgwNTI5MR8wHQYD
> VQQDExZ0Y3QudjMwNC5zZWNwMzg0cjEuYzAxMR0wGwYJKoZIhvcNAQkBFg5tZUBl
> eGFtcGxlLm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABLLUQqu3vbrWUraayjBQ
> SDRbcr93YMN7S/sYD5Ano7/224tHvgQfKhCy3n9r9eNbEhGOCIV8W+gnPAf8L8+W
> UGWWYDhOSe3VtCOOemTYKa/iyEpJMS/+O1CZoX07ML3E1KOCAR8wggEbMAkGA1Ud
> EwQCMAAwHQYDVR0OBBYEFAjBA0fUjv1HgGszM9lTl691u3IgMIHMBgNVHSMEgcQw
> gcGAFD0FS5Ve78nPcwA7hCX2ZTWPV6j3oYGdpIGaMIGXMQswCQYDVQQGEwIwMDEN
> MAsGA1UECBMEaG9tZTEMMAoGA1UEBxMDdGN0MRAwDgYDVQQKEwd0Y3Qub3JnMSQw
> IgYDVQQLExt0Y3QudjMwNC5zZWNwMzg0cjEuMjAxODA1MjkxFDASBgNVBAMTC0Vh
> c3ktUlNBIENBMR0wGwYJKoZIhvcNAQkBFg5tZUBleGFtcGxlLm5ldIIJAOfdO22e
> 6f1YMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQD
> AgNnADBkAjBOOZpLsPmGIwChgnaP7eU/IK+oZPGyEJh1q2QxOKW/osq+GFQStYwd
> yZGK5gnFFqMCMFsy1HrQLpeGZVFPYBZRcb3KepAxXA1iGR6GKQyUMh8zztvbuR5A
> C1UX8Wye/9JSAw==
> -----END CERTIFICATE-----
>
>
> **********
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users