With the current version of openssl when parsing the X.509 name
(d2i_X509_NAME), a problem occurs when there is a PostalAddress
sequence within the X.509 name. Below you have the openssl error traces
during the parsing.
1808:error:0D07808C:asn1 encoding routines:ASN1_ITEM_EX_D2I:mstring
wrong tag:tasn_dec.c:188:Type=ASN1_PRINTABLE
1808:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1
error:tasn_dec.c:566:Field=value, Type=X509_NAME_ENTRY
1808:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1
error:tasn_dec.c:542:
1808:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1
error:tasn_dec.c:542:
PostalAddress is defined as follows:
id-at-postalAddress AttributeType ::= { id-at 16 }
PostalAddress ::= SEQUENCE SIZE (1..6) OF DirectoryString
X509 Entry is defined as:
ASN1_SEQUENCE(X509_NAME_ENTRY) = {
ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
Question:
What must we do to get a correct parsing?
...
127:d=2 hl=3 l= 184 cons: SEQUENCE
130:d=3 hl=2 l= 30 cons: SET
132:d=4 hl=2 l= 28 cons: SEQUENCE
134:d=5 hl=2 l= 3 prim: OBJECT :commonName
139:d=5 hl=2 l= 21 prim: UTF8STRING
162:d=3 hl=2 l= 14 cons: SET
164:d=4 hl=2 l= 12 cons: SEQUENCE
166:d=5 hl=2 l= 3 prim: OBJECT :surname
171:d=5 hl=2 l= 5 prim: UTF8STRING
178:d=3 hl=2 l= 24 cons: SET
180:d=4 hl=2 l= 22 cons: SEQUENCE
182:d=5 hl=2 l= 3 prim: OBJECT :givenName
187:d=5 hl=2 l= 15 prim: UTF8STRING
204:d=3 hl=2 l= 28 cons: SET
206:d=4 hl=2 l= 26 cons: SEQUENCE
208:d=5 hl=2 l= 3 prim: OBJECT :localityName
213:d=5 hl=2 l= 19 prim: UTF8STRING
234:d=3 hl=2 l= 11 cons: SET
236:d=4 hl=2 l= 9 cons: SEQUENCE
238:d=5 hl=2 l= 3 prim: OBJECT :countryName
243:d=5 hl=2 l= 2 prim: PRINTABLESTRING :DE
247:d=3 hl=2 l= 53 cons: SET
249:d=4 hl=2 l= 51 cons: SEQUENCE
251:d=5 hl=2 l= 3 prim: OBJECT :2.5.4.16
256:d=5 hl=2 l= 44 cons: SEQUENCE <-- PostalAddress
258:d=6 hl=2 l= 15 prim: UTF8STRING
275:d=6 hl=2 l= 25 prim: UTF8STRING
...
Best Regards
Gerhard Zeus
NCP engineering GmbH
Tel: +49 911 9968 246
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List opens...@openssl.org
Automated List Manager majo...@openssl.org
>
> Hello,
>
> With the current version of openssl when parsing the X.509 name
> (d2i_X509_NAME), a problem occurs when there is a PostalAddress
> sequence within the X.509 name. Below you have the openssl error traces
> during the parsing.
>
> 1808:error:0D07808C:asn1 encoding routines:ASN1_ITEM_EX_D2I:mstring
> wrong tag:tasn_dec.c:188:Type=ASN1_PRINTABLE
> 1808:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1
> error:tasn_dec.c:566:Field=value, Type=X509_NAME_ENTRY
> 1808:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1
> error:tasn_dec.c:542:
> 1808:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1
> error:tasn_dec.c:542:
>
> PostalAddress is defined as follows:
>
> id-at-postalAddress AttributeType ::= { id-at 16 }
> PostalAddress ::= SEQUENCE SIZE (1..6) OF DirectoryString
>
>
> X509 Entry is defined as:
>
> ASN1_SEQUENCE(X509_NAME_ENTRY) = {
> ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
> ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
> } ASN1_SEQUENCE_END(X509_NAME_ENTRY)
>
>
> Question:
>
> What must we do to get a correct parsing?
>
That's a tricky one. It's not easy to fix because the structure (which has been
around since SSLeay days) assumes a string type. A quick solution is to allow
the V_ASN1_SEQUENCE type in there too but it won't be displayed properly and
can't be prompted for in the standard utilities.
Can you send me a sample certificate including PostalAddress?
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
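The mismatch discussed above, as an added example that is not part of the thread or of OpenSSL: a minimal DER walker that encodes a Name like the one in the asn1parse dump, walks its RDNs, and reports every attribute whose value tag is not one of the string tags ASN1_PRINTABLE accepts. The sample Name, the hypothetical helper names (tlv, read_tlv, oid, rdn, name_entries, non_string_values) and the single-octet OID arc simplification are all assumptions of this example.

```python
# Universal tags of the string types X509_NAME_ENTRY.value (ASN1_PRINTABLE) accepts;
# a constructed SEQUENCE (0x30), as used by PostalAddress, is not among them.
STRING_TAGS = {0x0C, 0x12, 0x13, 0x14, 0x16, 0x1A, 0x1B, 0x1C, 0x1E}
OID, UTF8, PRINTABLE, SEQUENCE, SET = 0x06, 0x0C, 0x13, 0x30, 0x31
def tlv(tag, body):
    """Encode one DER TLV with a definite length (up to 65535 content octets)."""
    n = len(body)
    length = [n] if n < 0x80 else [0x81, n] if n < 0x100 else [0x82, n >> 8, n & 0xFF]
    return bytes([tag] + length) + body
def read_tlv(buf, pos):
    """Decode the TLV at pos; return (tag, contents, offset just past the TLV)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:  # long form: the low 7 bits give the number of length octets
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln
def oid(dotted):
    """DER-encode an OID; simplified to single-octet arcs, enough for id-at (2.5.4.x)."""
    a = [int(x) for x in dotted.split(".")]
    assert all(x < 128 for x in a[2:]), "multi-octet arcs not supported in this example"
    return tlv(OID, bytes([40 * a[0] + a[1]] + a[2:]))
def decode_oid(b):  # inverse of oid(), same single-octet-arc simplification
    return ".".join(str(x) for x in [b[0] // 40, b[0] % 40] + list(b[1:]))
def rdn(attr, value):  # RelativeDistinguishedName: SET { SEQUENCE { type, value } }
    return tlv(SET, tlv(SEQUENCE, oid(attr) + value))

# Constructed sample Name modelled on the asn1parse dump in the thread: string-valued
# attributes plus a 2.5.4.16 PostalAddress whose value is a SEQUENCE OF UTF8String.
SAMPLE_NAME = tlv(SEQUENCE,
    rdn("2.5.4.3", tlv(UTF8, b"Example Person")) + rdn("2.5.4.4", tlv(UTF8, b"Zeus"))
    + rdn("2.5.4.42", tlv(UTF8, b"Gerhard")) + rdn("2.5.4.7", tlv(UTF8, b"Nuremberg"))
    + rdn("2.5.4.6", tlv(PRINTABLE, b"DE"))
    + rdn("2.5.4.16", tlv(SEQUENCE, tlv(UTF8, b"Example Street 1") + tlv(UTF8, b"90000 Nuremberg"))))

def name_entries(der):
    """Walk Name -> RDN SET -> AttributeTypeAndValue; return [(type OID, tag of the value)]."""
    tag, name, _ = read_tlv(der, 0)
    assert tag == SEQUENCE, "Name must be a SEQUENCE"
    out, pos = [], 0
    while pos < len(name):
        tag, rdn_set, pos = read_tlv(name, pos)
        assert tag == SET, "each RDN must be a SET"
        p = 0
        while p < len(rdn_set):
            _, atv, p = read_tlv(rdn_set, p)
            _, o, q = read_tlv(atv, 0)     # AttributeType
            vtag, _, _ = read_tlv(atv, q)  # AttributeValue: only its tag matters here
            out.append((decode_oid(o), vtag))
    return out
def non_string_values(der):  # entries whose value is not a string type: what d2i_X509_NAME rejects
    return [(o, t) for o, t in name_entries(der) if t not in STRING_TAGS]
```

Running it on SAMPLE_NAME flags only the 2.5.4.16 entry, whose value tag is 0x30; the five string-valued entries pass, matching where the "mstring wrong tag" error in the trace is raised.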