On Tue, Aug 11, 2015 at 08:42:41PM -0400, Robert Sandilands wrote: > It's complicated. I either need to convince somebody to fix a bug in their > software and break other dependencies in other code that depends on this > behavior or I need to write code to reproduce the buggy behavior. I am > trying to avoid the latter as it annoys me to write code to reproduce > buggy behavior ;-) It seems like I don't really have a choice. > > If it does not make sense, it is okay, it is not intended to make sense. It just implies that I don?t like either of my alternatives. If the extension value is supposed to just be raw binary data (with no ASN.1 type), you can just do that. You don't have to encapsulate it as an ASN.1 PRINTABLESTRING. OpenSSL can just store a value decoded from hex. -- Viktor.