Peter Sylvester wrote:
>> The reverse may not be true in real life. One way this comparison might
>> bite you is when the issue issues certificate with encoding violating
>> the DER requirements. For example, the ASN1_INTEGERs with octet
>> encodings "02" and "00 02" contain the same value 2, but these encodings
>> will in fact be different if you compare them with memcmp.
>> The latter ("00 02") is incorrect encoding, violating DER.

> It violates even BER as far as I remember Since X.409 1984 the text says:
> The value of the integer shall be encoded in the fewest possible octets
> the first (most significant) 9 bits shall not all be ones or zeros.

X.409 is obsolete.

However, X.690 is indeed says so, you are correct.

Lev Walkin
__________________________________________________ ____________________
OpenSSL Project
Development Mailing List
Automated List Manager