Re: AW: OpenVPNGui 2.4.7 fails: format error in certificate's notAfter field

On Monday, 4 March 2019 15:20:36 CET Jan Just Keijser wrote:
> Hi Matt,
> 
> On 04/03/19 14:24, Matt Caswell wrote:
> > On 04/03/2019 13:16, Jan Just Keijser wrote:
> >> On 04/03/19 10:21, Wolfgang Knauf wrote:
> >>> Hi,
> >>> 
> >>> the output is this:
> >>> 
> >>> C:\Program Files\OpenVPN\bin>openssl.exe asn1parse -i -in
> >>> ..\config\SSL_HUG1@xxxxxxxxxxxxxxxxxxxxxxx\l1139218.vt-security.de.user.
> >>> crt
> >>> Error: offset too large
> >>> 
> >>> Would it be OK if I send the crt file to only your mail address? I don't
> >>> feel safe by posting it to the mailing list ;-)?
> >> 
> >> I ran into the "offset too large" problem myself with my own certs as
> >> well. It turns out the 'asn1parse' util only likes PEM blobs, i.e. the
> >> parts starting with --BEGIN CERTIFICATE--
> > 
> > asn1parse will expect PEM by default but is perfectly capable of
> > processing raw DER too. Just use the "-inform DER" option.
> 
> 100% true but that is not what I was referring to; my certs usually look
> like this:
> 
> Certificate:
>      Data:
>          Version: 3 (0x2)
>          Serial Number: 5338 (0x14da)
>          Signature Algorithm: sha256WithRSAEncryption
> [...]
> -----BEGIN CERTIFICATE-----
> MIIEmjCCA4KgAwIBAgICFNowDQYJKoZIhvcNAQELBQAwUjELMAkGA1UEBhMCTkwx
> 
> 
> it's that part *before* the --BEGIN CERTIFICATE--  on which the
> asn1parse command chokes. You can feed it either a DER file or a PEM
> blob - but not a certificate file with the certificate info listed in it.

ah, yes, that's https://github.com/openssl/openssl/issues/7317

that should be possible to work around with the -strictpem option

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

Attachment: signature.asc
Description: This is a digitally signed message part.
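
The situation discussed in this message, as an added example that is not part of the original thread: a certificate file with a human-readable dump in front of the PEM block is reduced to the PEM block alone, and the resulting DER is walked so that the time fields can be inspected. The function names are hypothetical and the sample is a constructed ASN.1 structure, not a real certificate.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def pem_to_der(text):
    """Return DER of the first CERTIFICATE block, ignoring text around it."""
    m = PEM_RE.search(text)
    if m is None:
        raise ValueError("no PEM CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def walk(der, pos=0, end=None, depth=0):
    """Yield (depth, tag, value) per DER TLV; single-byte tags only."""
    end = len(der) if end is None else end
    while pos < end:
        tag, length = der[pos], der[pos + 1]
        pos += 2
        if length & 0x80:  # long form: low 7 bits give the count of length octets
            n = length & 0x7F
            length = int.from_bytes(der[pos:pos + n], "big")
            pos += n
        if pos + length > end:
            raise ValueError("length runs past end of data")
        yield depth, tag, der[pos:pos + length]
        if tag & 0x20:  # constructed: descend into the contents
            yield from walk(der, pos, pos + length, depth + 1)
        pos += length

def time_fields(der):
    """Return UTCTime (0x17) and GeneralizedTime (0x18) values in file order."""
    return [v.decode("ascii") for _, tag, v in walk(der) if tag in (0x17, 0x18)]

def _tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length (< 128) only

# Constructed sample, NOT a real certificate: SEQUENCE { INTEGER, SEQUENCE { 2x UTCTime } }
SAMPLE_DER = _tlv(0x30, _tlv(0x02, b"\x14\xda") + _tlv(
    0x30, _tlv(0x17, b"190304152036Z") + _tlv(0x17, b"290301152036Z")))
SAMPLE_FILE = (
    "Certificate:\n    Data:\n        Serial Number: 5338 (0x14da)\n"
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE_DER).decode()
    + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for depth, tag, value in walk(pem_to_der(SAMPLE_FILE)):
        print("  " * depth + f"tag=0x{tag:02x} len={len(value)}")
```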

