[xmlsec] Problem with some cert which has a negative serial number

Aleksey Sanin aleksey at aleksey.com
Sun Feb 20 19:51:32 PST 2005


OK, I see it now. However, I am not sure I understand how to fix
your problem w/o breaking Michael's code because it seems that
in his case "B2 ..." is *always* a positive integer. I am coping
this email to Michael too get his opinion.

Meantime, it would be great if you can try to parse your certificate
with openssl and check if it would consider this number negative or
positive.

Aleksey


Chandler Peng wrote:
> Dear Aleksey ,
>  
> That bug  you refer to resolved a  problem how to transfer a positive 
> decimal string to a positive integer . 
> For example , there is a serial number "00 B2 2F 00 00 /00 02 20 73 3B 
> 25 34 C4 42 6F"/ in the certificate , the serial number is a positive 
> integer for the first byte is 0x00(the first bit is 0) . The libxmlsec 
> will transfer the SN to "/3613992633088206991095317234205295" /in 
> decimal format and transfer back to /"B2 2F 00 00 00 02 20 73 3B 25 34 
> C4 42 6F" /in der format . That is a bug for the integer "00 B2 2F 00 00 
> /00 02 20 73 3B 25 34 C4 42 6F" is not equal to /the integer  "B2 2F 00 
> 00 /00 02 20 73 3B 25 34 C4 42 6F". /That bug has been fixed in CVS./
> 
> /This bug we reported is different with that bug.
> For example , if there is a serial number "B2 2F 00 00 /00 02 20 73 3B 
> 25 34 C4 42 6F"/ in the certificate , the serial number is a negative 
> integer for the first byte is 0xB2(the first bit is 1) . The libxmlsec 
> will transfer the SN to "/3613992633088206991095317234205295" /in 
> decimal format and transfer back to /"00 B2 2F 00 00 00 02 20 73 3B 25 
> 34 C4 42 6F" /in der format . This is a bug for "B2 2F 00 00 /00 02 20 
> 73 3B 25 34 C4 42 6F" /is a  negative integer and 
> "/3613992633088206991095317234205295"/ is a positive decimal format 
> string. They are not equal.
> 
> It seem that there should be a flag in decimal format to distinguish 
> whether the decimal string is positive or not , does'nt it?
> 
> --Chandler
>  
> Aleksey Sanin wrote:
> 
>> I guess you are using xmlsec-mscrypto library and if this is
>> the case then I believe that this bug was already fixed in CVS:
>>
>> http://www.aleksey.com/pipermail/xmlsec/2005/002487.html
>>
>> It would be great if you can try the CVS version and report if your
>> problem still exists.
>>
>> Thanks,
>> Aleksey
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec


More information about the xmlsec mailing list