Comments (3)
When I decode the above certificate with openssl
, it shows an ECC key. X.509 does not support ECC right now (the reason is that the used crypto layer does not have ECC support, see mirleft/ocaml-nocrypto#95 - which is required to support verify
and sign
operations). I still hope we'll get reasonable ECC support in OCaml soon.
from ocaml-x509.
I looked again into this issue and the above certificate. My earlier assessment is wrong, the provided certificate contains a public key, but is signed with an RSA key. The reason why this certificate fails to parse is that the AlgorithmIdentifier is not followed by the mandatory (!?) param field set to NULL. I'm in the process of figuring out whether the NULL is actually mandatory (RFCs are slightly contradictory, lots of implementations seem to use/require NULL).
from ocaml-x509.
since I comment here every 8-9 months, let me add some more information. the NULL
is indeed optional, but due to some technical issues this is not easy to express in asn1-combinators at the moment -- an attempt to cope with it is in #114 which convolutes the implementation quite a bit. I'll later think about this issue again and may include a patch for the next release.
from ocaml-x509.
Related Issues (20)
- parsing pem from string HOT 2
- Incompatible with sexplib/ppx_sexp_conv v0.11.0 HOT 6
- API woes HOT 1
- Remove conflict with ppx_sexp_conv >= v0.11.1 HOT 3
- Expose X509.Certificate.compare HOT 2
- Issues with the DN representation HOT 22
- Certificate verification allows dangerous algorithms HOT 8
- Why is Validation.trust_cert_fingerprint deprecated? HOT 3
- improve API (make it harder to use wrong) HOT 2
- feature: ed25519 support HOT 7
- feature: ed448 support HOT 1
- mirage-crypto 0.8.9 breaks regression test HOT 7
- feature: enhance Private_key module HOT 1
- [Public_key.verify]'s ECDSA evaluation mishandles long digests HOT 11
- Serial number at 0 can not be decoded with #167 HOT 3
- Retrieving valid_from/valid_until from a certificate HOT 1
- missing `astring' in META HOT 2
- How to access some parts of a certificate HOT 1
- Cannot install due to dependency problem HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ocaml-x509.