[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ASN.1 Encoding Technique
"Geoff Elgey" <Geoff.Elgey@quest.com> writes:
> G'day,
>
>> Consider the following ASN.1:
>>
>> Record ::= SEQUENCE {
>> name [0] Name OPTIONAL,
>> oid [1] OBJECT IDENTIFER
>> }
>
> This reminds me -- in order to get a UPN from an extension in a Certificate, I
> had to change the definition of GeneralName in rfc2459.asn1 from:
I've already notice this problem and have updated the defintion some time
ago.
> The problem is that implicitly tagged named types are not handled correctly in
> Heimdal's ASN.1 code.
>
> When attempting to decode an otherName field of GeneralName, the decoder
> attempts to decode the tag [0], then calls the decode function for Othername,
> which attempts to decode the tag for SEQUENCE. Of course, just the tag for [0]
> is required for the 'otherName' field as OtherName is implicitly tagged.
If you check the current code-base, there is lib/asn1/canthandle.asn1 that
describes the current problems with the current asn1 compiler.
The reason why I didn't fix it when I found the problem is that I didn't
want to add a new entry point for every structure, and didn't want to
change the API/ABI by adding a flag to the decode_/encode_ functions.
The workaround is bad because then you don't get a name of the element
(anonymous structure), so you have to restort to doing stuff like this:
GeneralSubtrees gs;
if (tnc.permittedSubtrees) {
gs.val = tnc.permittedSubtrees->val;
gs.len = tnc.permittedSubtrees->len;
ret = append_tree(&gs, nc->nc.permittedSubtrees);
}
Love
PGP signature