> On Mar 21, 2019, at 1:57 PM, Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote: > > 1. Return failure from i2d_ASN_OBJECT(), which then percolates > up to failure to encode the containing structure. > > 2. Emit a "harmless" default OID (such as 0.0), returning to > the behaviour prior to 1.0.1i > > 3. Emit the invalid empty OID (06 00) in the expectation that > this would not be something that other decoders would have > to support. That is, it would only be used, as in this case, > to serialize and deserialize objects *within* an application, > and there would be no pressure on other implementations to > follow suit. > > I am curious what other OpenSSL developers and users would like to > see happen. Any of the above? Or something else? The present > behaviour seems wrong to me, because we're silently generating > invalid structures with missing required fields (when encoding > incompletely initialized structures). I've opened https://github.com/openssl/openssl/issues/8553 to track this issue. -- Viktor.
