The second certificate seems garbaged at the 4th RDN of the issuerName.
The Base64 edition might have added or deleted some characters.
Cordialement,
Erwann Abalea
Le 25/06/2020 16:00, « openssl-users au nom de Angus Robertson - Magenta Systems Ltd » <openssl-users-bounces@xxxxxxxxxxx au nom de angus@xxxxxxxxxxxx> a écrit :
More information, the original certificates supplied by the end user
had unwrapped base64 blocks, lines 2,500 long. I wrapped them for
email.
If I try the asn1parse command on the wrapped certificates, they now
attempt to parse, the OK is fine, the bad one now gives an error
message from asn1parse:
Error in encoding
20236:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
long:crypto\asn1\asn1_lib.c:91:
and error:09091064:PEM routines:PEM_read_bio_ex:bad base64 decode
from PEM_read_bio_X509.
The RFC says 'Parsers MAY handle other line sizes' but it would be good
if OpenSSL gave a 'PEM line too long' error rather than no error. I'll
change my library code to check for line ending in the base64 to give
the user a polite message.
Now the only problem is what is asn1 decoding unhappy with?
Angus
