From: Jean-Paul C. <ex...@di...> - 2008-11-04 13:54:28
On Mon, 3 Nov 2008 16:25:55 -0500, Joshua 'jag' Ginsberg <lis...@fl...> wrote:
>(apologies if this ends up double-posting -- I sent this 5 hours ago
>and it hasn't shown up in the archives yet, so I'm not sure it went
>out at all...)
>
>What am I doing wrong? Why can't I load my cert back into PyOpenSSL?
>

I'm not certain, but I suspect the issue is that you didn't explicitly set
the notBefore and notAfter attributes on the certificate. I'm not sure why
the OpenSSL.crypto.Error doesn't provide this information, but if you run
this openssl command line:

  openssl x509 -in my.crt -text

then this error is produced:

  unable to load certificate
  13042:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
  13042:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1281:
  13042:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:208:Type=ASN1_TIME
  13042:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=notBefore, Type=X509_VAL
  13042:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=validity, Type=X509_CINF
  13042:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=cert_info, Type=X509
  13042:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:

It's similar to the one you get from pyOpenSSL (complaining about a "too
long" ASN1 thing somewhere, with lots of nesting and such) but notice that
it also includes the names of the fields which were on the parse stack at
the time of the error, something omitted from the pyOpenSSL exception.
Once I noticed that, I checked your code and saw that you weren't setting
the validity dates, hence my suspicion.

Jean-Paul
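
An added example, not part of the original thread and not the poster's code: a self-signed certificate built with pyOpenSSL that sets notBefore and notAfter explicitly before signing, then loads the PEM back to confirm it parses. It assumes the pyOpenSSL package is installed; the subject name `my.example`, the 30-day lifetime and the helper names are constructed for illustration.

```python
# Added example (not from the thread). Requires the pyOpenSSL package.
from datetime import datetime
from OpenSSL import crypto

# Text form returned by X509.get_notBefore() / get_notAfter()
ASN1_TIME_FORMAT = "%Y%m%d%H%M%SZ"


def build_self_signed_pem(common_name="my.example", days=30):
    """Create a self-signed certificate with an explicit validity window."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)

    cert = crypto.X509()
    cert.set_serial_number(1)
    cert.get_subject().CN = common_name   # constructed sample name
    cert.set_issuer(cert.get_subject())   # self-signed: issuer == subject
    cert.set_pubkey(key)

    # The step the reply suspects was missing: set both validity fields
    # before signing, as offsets in seconds from the current time.
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(days * 24 * 60 * 60)

    cert.sign(key, "sha256")
    return crypto.dump_certificate(crypto.FILETYPE_PEM, cert)


def validity_window(pem):
    """Load the PEM back and return (notBefore, notAfter) as datetimes."""
    cert = crypto.load_certificate(crypto.FILETYPE_PEM, pem)
    not_before = datetime.strptime(
        cert.get_notBefore().decode("ascii"), ASN1_TIME_FORMAT)
    not_after = datetime.strptime(
        cert.get_notAfter().decode("ascii"), ASN1_TIME_FORMAT)
    return not_before, not_after


if __name__ == "__main__":
    pem = build_self_signed_pem()
    start, end = validity_window(pem)
    print("notBefore:", start)
    print("notAfter: ", end)
```

Running `openssl x509 -in my.crt -text` on the resulting PEM is a quick independent check that the Validity section is present and parses.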