|
Why not?
This serial number could also be displayed as 3203232750, or 000BEED73EE, or 03203232750.
Cordialement,
Erwann Abalea
thanks for explanation.
But why did Windows Cert Manager and Firefox Cert Manager show 00BEED73EE as
serial number instead of BEED73EE (which openssl shows)?
> On Jan 28, 2017, at 10:01 AM, Matthias Ballreich <matthias.ballreich@xxxxxxxxxx> wrote:
>
> is it normal that OpenSSL removes the leading Zeros in an ASN1_INTEGER?
> I tried to read the Certificate Serial and the Certificate Serial in the
> AuthorityKeyID-Extension with C++, which works very well, but i noticed
> that OpenSSL removes the leading Zeros on it.
>
> The real ASN1-Value is: 00BEED73EE for example, but i got only BEED73EE.
> If i view the Certificate inside Microsoft Cert Tool (Certmgr.exe) the
> leading Zeros are listed there. Same on Firefox, if i Import and view
> the Certificate there. So is this the correct way of handling inside
> OpenSSL or is it a bug or?
Integers don't have leading zeros. Octet strings representing integers
(in non-DER form) might have leading zeros, but you should not confuse
the data type with its representation. OpenSSL outputs the correct DER
form of the serial *number* in certificates.
Leading zeros are needed in the DER representation of positive integers
whose most significant nibble is in the range from 8 to F. Otherwise
the leading bit would cause the integer to be interpreted as negative.
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users
mailing list
To
unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
|
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
