Closed kinichiro closed 9 years ago
I tried to dump the corrupt cert file with `od -A x -t x1z -v`, and I found that every 0x0a (LF) in the ASN.1 is converted to 0x0d (CR) 0x0a (LF) by mingw64.
So, opening in binary mode (like `BIO_new_file("filename.der", "wb")`) will solve this issue.
I modified apps/ca.c a little bit to output cert in binary mode.
```
...
    write_new_certificate(Cout, x, 0, notext);
    write_new_certificate(Sout, x, output_der, notext);
    BIO *Xout = NULL;
    Xout = BIO_new_file("./Xout.der", "wb");
    write_new_certificate(Xout, x, output_der, notext);
    BIO_free(Xout);
}
...
```
Then I could get the Xout.der file, but the x509 command and asn1parse command fail on mingw64.
```
$ ../apps/openssl.exe x509 -in Xout.der -inform DER -outform PEM
unable to load certificate
2587050918:error:0D06B08E:asn1 encoding routines:ASN1_D2I_READ_BIO:not enough data:asn1/a_d2i_fp.c:238:
$ ../apps/openssl.exe asn1parse -inform DER -in Xout.der
Error in encoding
2682857868:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1/asn1_lib.c:144:
```
Output Xout.der seems OK, because cygwin64 environment could handle it right.
```
$ ../apps/openssl.exe x509 -inform DER -in Xout.der -outform PEM
-----BEGIN CERTIFICATE-----
MIIDJTCCAg0CAQEwDQYJKoZIhvcNAQEFBQAwWjELMAkGA1UEBhMCSlAxDjAMBgNV
BAgMBVRva3lvMRswGQYDVQQKDBJURVNUX0RVTU1ZX0NPTVBBTlkxHjAcBgNVBAMM
FXRlc3RDQS50ZXN0X2R1bW15LmNvbTAeFw0xNTA1MjYxMjMzMTFaFw0xNTA1Mjcx
MjMzMTFaMFkxCzAJBgNVBAYTAkpQMQ4wDAYDVQQIDAVUb2t5bzEbMBkGA1UECgwS
VEVTVF9EVU1NWV9DT01QQU5ZMR0wGwYDVQQDDBRzcGthYy50ZXN0X2R1bW15LmNv
bTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAL12aS3BHrv69FqDF3qH
70PlSNLyiX1zk0dTgNIj/uPbd49U1PgBMaQKPNbF/mJ/IQKfXwIGtMfhaX1QJYD2
Zf449L7jiM17DWpE86E9yuUSRjB9hGETWACCOwa4l2kmGjlWCOaZoFzdMo54fF+8
XlBjUSrRPjotPRif0X2QP0XQ35HhLv4KMsIdyvnGncuylKlIo4IZnwrCDdsJWSYp
Vye0tVOp1BuYy0J7+GVQ7rTVs9AjTm2Zw+JrVbJmaMj7NH75PLp3wUGmofcuBCzO
1Jou8wenPMfwCm2mnHdtiebW9u6X1/MoX+l6hjeAGJgDfIE5BrFvV5k0MHbEZw6i
aTECAQMwDQYJKoZIhvcNAQEFBQADggEBAE/dvF2kIWg2Kv5p1GhQB6trwy0+8J4A
YZLHPV3ysejW17JlWxlVm7obPvyQVVbBkdYeAZPF+UdPUFfEYuE9335whyY0fDKs
LXw1wo6eLWuMuap3tO/XPDGTfOJpuSz7FybOf3XY8kIptzeo4h6M2YqVpEqxSgyc
ta+s5ISOhfn5NVfXgJpK+j/mNucWI89omcYcqlGQFDpko1xozWWwgndENzBTA9nn
iYxnFGP/gmVoj5o9uCceu1dHUOT/MQjvxoZgWtO6oJRVOs7Z4GVygiLZKyf9XZxR
6Gjyl+40rOc3vxj4IWRapZVsFBguv8SoICKf0l7tPexFlVg7fBbOu/g=
-----END CERTIFICATE-----
$ ../apps/openssl.exe asn1parse -inform DER -in Xout.der -i
0:d=0 hl=4 l= 805 cons: SEQUENCE
4:d=1 hl=4 l= 525 cons: SEQUENCE
8:d=2 hl=2 l= 1 prim: INTEGER :01
11:d=2 hl=2 l= 13 cons: SEQUENCE
13:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
24:d=3 hl=2 l= 0 prim: NULL
26:d=2 hl=2 l= 90 cons: SEQUENCE
28:d=3 hl=2 l= 11 cons: SET
30:d=4 hl=2 l= 9 cons: SEQUENCE
32:d=5 hl=2 l= 3 prim: OBJECT :countryName
37:d=5 hl=2 l= 2 prim: PRINTABLESTRING :JP
41:d=3 hl=2 l= 14 cons: SET
43:d=4 hl=2 l= 12 cons: SEQUENCE
45:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
50:d=5 hl=2 l= 5 prim: UTF8STRING :Tokyo
57:d=3 hl=2 l= 27 cons: SET
59:d=4 hl=2 l= 25 cons: SEQUENCE
61:d=5 hl=2 l= 3 prim: OBJECT :organizationName
66:d=5 hl=2 l= 18 prim: UTF8STRING :TEST_DUMMY_COMPANY
86:d=3 hl=2 l= 30 cons: SET
88:d=4 hl=2 l= 28 cons: SEQUENCE
90:d=5 hl=2 l= 3 prim: OBJECT :commonName
95:d=5 hl=2 l= 21 prim: UTF8STRING :testCA.test_dummy.com
118:d=2 hl=2 l= 30 cons: SEQUENCE
120:d=3 hl=2 l= 13 prim: UTCTIME :150526123311Z
135:d=3 hl=2 l= 13 prim: UTCTIME :150527123311Z
150:d=2 hl=2 l= 89 cons: SEQUENCE
152:d=3 hl=2 l= 11 cons: SET
154:d=4 hl=2 l= 9 cons: SEQUENCE
156:d=5 hl=2 l= 3 prim: OBJECT :countryName
161:d=5 hl=2 l= 2 prim: PRINTABLESTRING :JP
165:d=3 hl=2 l= 14 cons: SET
167:d=4 hl=2 l= 12 cons: SEQUENCE
169:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
174:d=5 hl=2 l= 5 prim: UTF8STRING :Tokyo
181:d=3 hl=2 l= 27 cons: SET
183:d=4 hl=2 l= 25 cons: SEQUENCE
185:d=5 hl=2 l= 3 prim: OBJECT :organizationName
190:d=5 hl=2 l= 18 prim: UTF8STRING :TEST_DUMMY_COMPANY
210:d=3 hl=2 l= 29 cons: SET
212:d=4 hl=2 l= 27 cons: SEQUENCE
214:d=5 hl=2 l= 3 prim: OBJECT :commonName
219:d=5 hl=2 l= 20 prim: UTF8STRING :spkac.test_dummy.com
241:d=2 hl=4 l= 288 cons: SEQUENCE
245:d=3 hl=2 l= 13 cons: SEQUENCE
247:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
258:d=4 hl=2 l= 0 prim: NULL
260:d=3 hl=4 l= 269 prim: BIT STRING
533:d=1 hl=2 l= 13 cons: SEQUENCE
535:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
546:d=2 hl=2 l= 0 prim: NULL
548:d=1 hl=4 l= 257 prim: BIT STRING
```
On the mingw64 environment, both generating and parsing DER format seem to be in trouble.
`req -new -x509 -outform DER` also has the same problem and generates a corrupt cert.
`asn1parse -inform DER` and `x509 -inform DER` cannot parse the input DER file.
Posted this to https://github.com/libressl-portable/portable/issues/94
Does linking binmode.o solve this or not?
No. binmode.o does nothing on mingw64.
Signing by the `ca` command to SPKAC csr seems to fail on mingw64. I wrote a test script for this.
ca-spkac.sh https://gist.github.com/kinichiro/caef4b22bed0a5039adc
This script fails like below on mingw64.
The script fails at the `x509` command, but this error seems to be caused by a badly formatted certificate. This issue does not affect cygwin64.
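The corruption reported in this thread (each 0x0a written through a text-mode stream becoming 0x0d 0x0a) can be recognised by comparing the length claimed in the DER header with the actual size, before and after undoing the translation. The C code below is an added example, not code from the thread or from LibreSSL; the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed sample, not a real certificate: SEQUENCE { INTEGER 10, OCTET STRING 0a 0b 0a } */
static const unsigned char SAMPLE[] = {0x30,0x08,0x02,0x01,0x0a,0x04,0x03,0x0a,0x0b,0x0a};
/* Size (header + content) claimed by a DER header with a one-byte tag; 0 on error. */
size_t der_total_len(const unsigned char *b, size_t n) {
    if (n < 2) return 0;
    size_t len = b[1], hdr = 2;
    if (len & 0x80) {                  /* long form: low 7 bits = number of length bytes */
        size_t k = len & 0x7f;
        if (k == 0 || k > 4 || n < 2 + k) return 0;
        for (len = 0; k--; hdr++) len = (len << 8) | b[hdr];
    }
    return hdr + len;
}

/* What a Windows text-mode stream does on write: LF -> CR LF (out must hold 2*n). */
size_t text_mode_write(const unsigned char *in, size_t n, unsigned char *out) {
    size_t m = 0;
    for (size_t i = 0; i < n; i++) {
        if (in[i] == 0x0a) out[m++] = 0x0d;
        out[m++] = in[i];
    }
    return m;
}

/* Drop each CR that precedes an LF. Lossy if the DER really held 0d 0a: diagnosis only. */
size_t undo_crlf(const unsigned char *in, size_t n, unsigned char *out) {
    size_t m = 0;
    for (size_t i = 0; i < n; i++)
        if (!(in[i] == 0x0d && i + 1 < n && in[i + 1] == 0x0a)) out[m++] = in[i];
    return m;
}

/* 0: size matches header; 1: matches only after undoing CRLF; 2: other damage. */
int classify(const unsigned char *b, size_t n) {
    unsigned char tmp[1024];
    size_t t = der_total_len(b, n), m;
    if (t != 0 && t == n) return 0;
    if (n > sizeof tmp) return 2;
    m = undo_crlf(b, n, tmp);
    return (m < n && der_total_len(tmp, m) == m) ? 1 : 2;
}

int main(void) {
    unsigned char bad[2 * sizeof SAMPLE];
    size_t n = text_mode_write(SAMPLE, sizeof SAMPLE, bad);
    return printf("clean=%d translated=%d\n", classify(SAMPLE, sizeof SAMPLE), classify(bad, n)) < 0;
}
```

The header bytes 30 82 03 25 of the certificate shown in the thread give `der_total_len` = 809, matching the `hl=4 l= 805` line of the asn1parse output.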