On Tuesday, 25 September 2018 00:55:16 CEST Viktor Dukhovni wrote: > > On Sep 24, 2018, at 6:25 PM, Scott Neugroschl <scott_n@xxxxxxxxx> wrote: > > > > I tried googling, but couldn’t find an answer to this… > > > > I came across a certificate that had some text garbage before the ---- > > BEGIN CERTIFICATE ---- line. > > > > I know that the cert is defined as the data between the delimiters. Do > > the specs say anything about data before the BEGIN delimiter? Would a > > certificate with such data be valid? I know OpenSSL accepts such a cert, > > but is this an extension, or is it explicitly permitted by the > > standards/specifications? > https://tools.ietf.org/html/rfc7468#section-2 then it looks like the parser used in asn1parse -inform pem is non- compliant... https://github.com/openssl/openssl/issues/7317 -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
