Invalid_argument "X509: failed to parse certificate" when using X509.Encoding.Pem.Certificate.of_pem_cstruct1 about ocaml-x509 HOT 3 CLOSED

When I decode the above certificate with openssl, it shows an ECC key. X.509 does not support ECC right now (the reason is that the used crypto layer does not have ECC support, see mirleft/ocaml-nocrypto#95 - which is required to support verify and sign operations). I still hope we'll get reasonable ECC support in OCaml soon.

from ocaml-x509.

I looked again into this issue and the above certificate. My earlier assessment is wrong, the provided certificate contains a public key, but is signed with an RSA key. The reason why this certificate fails to parse is that the AlgorithmIdentifier is not followed by the mandatory (!?) param field set to NULL. I'm in the process of figuring out whether the NULL is actually mandatory (RFCs are slightly contradictory, lots of implementations seem to use/require NULL).

from ocaml-x509.

since I comment here every 8-9 months, let me add some more information. the NULL is indeed optional, but due to some technical issues this is not easy to express in asn1-combinators at the moment -- an attempt to cope with it is in #114 which convolutes the implementation quite a bit. I'll later think about this issue again and may include a patch for the next release.

from ocaml-x509.