openssl ocsp request , serial number

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

openssl ocsp request , serial number

Choudhary, Bimalendu
Hi,


I am using an OCSP command to sned ocsp request to my program using
following command  

Openssl ocsp -serial 0x80 -issuer issuer.pem -text -url http://myprogram


When I see the actual DER encoded request which openssl sends, I found
different behaviour for different serial numbers.

1) When I send the serial number -serial 0x8 the der encoded serial
number is

02 01 08

2) When I send the serial number 0x81 the der encoded serial number is

02 02 00 81

3) When I send the serial number 0x811 the der encoded serial number is

02 02 08 11

4) When I send the serial number 0x8111 the der encoded serial number is

02 03 00 81 11



The problem here is that in case 2) and 4) there is a extra byte 00
appended in front of the actual serial number given in the command line.

Can any one tell me why the length is being increased and an extra 00 is
added in front of the serial number in this two cases.

It happens foe any serial number starting with hex digit 8 or above and
number of digit in the serial number is even.

Thanks
Bimalendu  
 

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Thomas J. Hruska
Sent: Wednesday, July 06, 2005 11:51 AM
To: [hidden email]
Subject: Re: BC-32 dll

[hidden email] wrote:
> Hi there, I've finaly compiled 0.9.8 under BCB win32 (Yay!) and now
wondering is there any way do make dlls instead of .libs?

If you are using the default build of OpenSSL:

http://www.slproweb.com/products/Win32OpenSSL.html

It comes with pre-built binaries and libraries of the default build of
OpenSSL to link against for Borland Builder 4/5/6 (AND also works with
the free command line tools).  This project typically lags behind
OpenSSL by a couple days.

Thomas Hruska
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: openssl ocsp request , serial number

Richard Levitte - VMS Whacker
In message <[hidden email]> on Wed, 6 Jul 2005 09:07:23 -0700, "Choudhary, Bimalendu" <[hidden email]> said:

bchoudhary> 2) When I send the serial number 0x81 the der encoded
bchoudhary>    serial number is
bchoudhary>
bchoudhary> 02 02 00 81
bchoudhary>
bchoudhary> 4) When I send the serial number 0x8111 the der encoded
bchoudhary>    serial number is
bchoudhary>
bchoudhary> 02 03 00 81 11
bchoudhary>
bchoudhary> The problem here is that in case 2) and 4) there is a
bchoudhary> extra byte 00 appended in front of the actual serial
bchoudhary> number given in the command line.
bchoudhary>
bchoudhary> Can any one tell me why the length is being increased and
bchoudhary> an extra 00 is added in front of the serial number in this
bchoudhary> two cases.
bchoudhary>
bchoudhary> It happens foe any serial number starting with hex digit 8
bchoudhary> or above and number of digit in the serial number is even.

ASN.1 Complete (downloadable from http://www.oss.com/asn1/larmouth.html),
Section 3.3 (Encoding an INTEGER value) explains it.  Basically, the
integer is a 2-complement value.  This means '02 01 81' would be
interpreted as (decimal) -127, while '02 02 00 81' is correctly
interpreted as (decimal) 129.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte                         [hidden email]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]