openssl can don' t handle 20 Octes long Serial Numbers RFC 3280

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

openssl can don' t handle 20 Octes long Serial Numbers RFC 3280

Bohn, Michael
Hi all,
sorry that I send the same e-mail again but I did't find any answer to my last one.
 
We have the case that openssl can not handle long serial numbers.
In ower case we have this Serail Nr. 9a 38 74 00 00 00 00 25 be
but  OpenSSL 0.9.7e 25 Oct 2004 print this:
 
openssl x509 -in file  -noout -text 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
             (Negative)65:c7:8b:ff:ff:ff:ff:da:42
 
 
windows cisco and  mozilla can handle this SN  without any problems.
 
 
################ RFC 3280        ############################
 
RFC 3280        Internet X.509 Public Key Infrastructure      April 2002


   Given the uniqueness requirements above, serial numbers can be
   expected to contain long integers.  Certificate users MUST be able to
   handle serialNumber values up to 20 octets.  Conformant CAs MUST NOT
   use serialNumber values longer than 20 octets.
 
###############################################################
 
 
best regards
 
 
Michael
Reply | Threaded
Open this post in threaded view
|

AW: openssl can don' t handle 20 Octes long Serial Numbers RFC 3280

Bohn, Michael
Hi Thomas,
the CA is an Windows CA 
 
Michael


Von: [hidden email] [mailto:[hidden email]] Im Auftrag von [hidden email]
Gesendet: Mittwoch, 11. Januar 2006 16:54
An: [hidden email]
Betreff: AW: openssl can don' t handle 20 Octes long Serial Numbers RFC 3280

Michael,
 
just for my curiousity... who ist the issuer of the certificate?
 
Best regards
 
Thomas


Von: [hidden email] [mailto:[hidden email]] Im Auftrag von Bohn, Michael
Gesendet: Mittwoch, 11. Januar 2006 07:20
An: [hidden email]
Betreff: openssl can don' t handle 20 Octes long Serial Numbers RFC 3280

Hi all,
sorry that I send the same e-mail again but I did't find any answer to my last one.
 
We have the case that openssl can not handle long serial numbers.
In ower case we have this Serail Nr. 9a 38 74 00 00 00 00 25 be
but  OpenSSL 0.9.7e 25 Oct 2004 print this:
 
openssl x509 -in file  -noout -text 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
             (Negative)65:c7:8b:ff:ff:ff:ff:da:42
 
 
windows cisco and  mozilla can handle this SN  without any problems.
 
 
################ RFC 3280        ############################
 
RFC 3280        Internet X.509 Public Key Infrastructure      April 2002


   Given the uniqueness requirements above, serial numbers can be
   expected to contain long integers.  Certificate users MUST be able to
   handle serialNumber values up to 20 octets.  Conformant CAs MUST NOT
   use serialNumber values longer than 20 octets.
 
###############################################################
 
 
best regards
 
 
Michael