Question

If openssl (e.g. x509 or s_client) thinks a DER encoded x509 self-signed certificate is well formed, can I definitively say that the certificate is well formed? For instance, openssl is able to load the certificate but a widely used closed source framework does not.

Thanks.

Solution

In general, yes, if OpenSSL can load it, then most likely there are no inherent problems with the format. However, some libraries and applications don't handle ASN.1 (DER) tags with undefined length. This is the most likely case with your certificate.
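
One way to check a certificate for the condition this answer points at, written as an added example (not code from the question, the answer or OpenSSL): a Python walk over the file's TLVs that reports indefinite ("undefined") length and non-minimal length encodings, both of which BER permits and DER forbids. The function names and the sample bytes are assumptions constructed for illustration.

```python
# Added example: flag length encodings that BER allows but DER forbids.
def _walk(buf, pos, end, issues, indefinite=False):
    """Parse the TLVs in buf[pos:end]; return the offset just past them."""
    while pos < end:
        start = pos
        if indefinite and buf[pos:pos + 2] == b"\x00\x00":
            return pos + 2                      # end-of-contents octets
        tag = buf[pos]
        pos += 1
        if tag & 0x1F == 0x1F:                  # high-tag-number form
            while buf[pos] & 0x80:
                pos += 1
            pos += 1
        first = buf[pos]
        pos += 1
        if first == 0x80:                       # indefinite length marker
            issues.append((start, "indefinite length"))
            if not tag & 0x20:
                raise ValueError("indefinite length on a primitive value")
            pos = _walk(buf, pos, end, issues, indefinite=True)
            continue
        length = first
        if first > 0x80:                        # long form: next n bytes hold the length
            n = first & 0x7F
            raw = buf[pos:pos + n]
            pos += n
            length = int.from_bytes(raw, "big")
            if length < 0x80 or raw[0] == 0:    # short form or fewer bytes would do
                issues.append((start, "non-minimal length"))
        if pos + length > end:
            raise ValueError("value runs past its container")
        if tag & 0x20:                          # constructed: check the children
            _walk(buf, pos, pos + length, issues)
        pos += length
    if indefinite:
        raise ValueError("missing end-of-contents octets")
    return pos

def find_non_der(data: bytes):
    """Return [(offset, problem)] for every non-DER length encoding in data."""
    issues = []
    try:
        _walk(data, 0, len(data), issues)
    except IndexError:
        raise ValueError("truncated encoding") from None
    return issues

# Constructed sample, not a real certificate: SEQUENCE { INTEGER 1, AlgorithmIdentifier }
BODY = bytes.fromhex("020101" "300d" "06092a864886f70d01010b" "0500")
DER_SAMPLE = b"\x30\x12" + BODY                 # definite, minimal length (valid DER)
BER_INDEFINITE = b"\x30\x80" + BODY + b"\x00\x00"
BER_LONG_FORM = b"\x30\x81\x12" + BODY          # length 0x12 padded into long form
```

Pass the raw bytes of the certificate file to `find_non_der`; an empty list means every length in the file is definite and minimally encoded.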

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow