Re: [pyOpenSSL] Basic CSR signing issues...

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Bingo! After setting these dates, everything worked perfectly. Thanks
for your help!

-jag

On Tue, Nov 4, 2008 at 8:54 AM, Jean-Paul Calderone <ex...@di...> wrote:
> On Mon, 3 Nov 2008 16:25:55 -0500, Joshua 'jag' Ginsberg <lis...@fl...> wrote:
>>(apologies if this ends up double-posting -- I sent this 5 hours ago
>>and it hasn't shown up in the archives yet, so I'm not sure it went
>>out at all...)
>>
>>What am I doing wrong? Why can't I load my cert back into PyOpenSSL?
>>
>
> I'm not certain, but I suspect the issue is that you didn't explicitly set
> the notBefore and notAfter attributes on the certificate.  I'm not sure
> why the OpenSSL.crypto.Error doesn't provide this information, but if you
> run this openssl command line:
>
>    openssl x509 -in my.crt -text
>
> then this error is produced:
>
>    unable to load certificate
>    13042:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
>    13042:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1281:
>    13042:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:208:Type=ASN1_TIME
>    13042:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=notBefore, Type=X509_VAL
>    13042:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=validity, Type=X509_CINF
>    13042:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=cert_info, Type=X509
>    13042:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
>
> It's similar to the one you get from pyOpenSSL (complaining about a "too
> long" ASN1 thing somewhere, with lots of nesting and such) but notice that
> it also includes the names of the fields which were on the parse stack at
> the time of the error, something omitted from the pyOpenSSL exception.  Once
> I noticed that, I checked your code and saw that you weren't setting the
> validity dates, hence my suspicion.
>
> Jean-Paul
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> pyopenssl-list mailing list
> pyo...@li...
> https://lists.sourceforge.net/lists/listinfo/pyopenssl-list
>