Wireshark-bugs: [Wireshark-bugs] [Bug 8799] OCSP CertificateSerialNumber is wrong

Date: Tue, 18 Jun 2013 19:47:09 +0000

Comment # 3 on bug 8799 from
Created attachment 11013 [details]
OCSP Requests with varying serial number lengths.

I recreated a certificate four times, each with a different serial number
(2^8-1, 2^16-1, 2^32-1, 2^64-1) and then sent it to the Verisign OCSP
Responder. Note that this certificate was not one signed by Verisign, so it
gets rejected, making the responses useless. Focusing on the requests...

2^8-1 was encoded in ASN.1 as:
  02 02 ff ff
and interpreted as:
  255

2^16-1 was encoded in ASN.1 as:
  02 03 00 ff ff
and interpreted as:
  65535

2^32-1 was encoded in ASN.1 as:
  02 05 00 ff ff ff ff
and interpreted as:
  -1

2^64-1 was encoded in ASN.1 as:
  02 09 00 ff ff ff ff ff ff ff ff
and interpreted as:
  (blank)

This is due to the top bit of the serial number being set, but INTEGERs being
interpreted as two's complement, so an extra padding byte is necessary to
indicate that the number is not negative.
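The behaviour described in the comment above, as an added example that is not part of the original comment and is not Wireshark's dissector code: `naive_int32` is a hypothetical decoder that folds the content octets into a 32-bit signed integer and so reads the 2^32-1 encoding as -1, while `der_int_to_hex` (also a hypothetical name) decodes a short-form DER INTEGER of any width to signed hex text.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Naive decode: fold every octet into 32 bits; longer values are truncated. */
static int32_t naive_int32(const uint8_t *c, size_t len)
{
    uint32_t acc = 0;
    for (size_t i = 0; i < len; i++)
        acc = (acc << 8) | c[i];
    return (int32_t)acc;
}

/* Width-independent decode of a DER INTEGER TLV (short-form length only)
 * to signed hex text; returns 0 on success, -1 on error. */
static int der_int_to_hex(const uint8_t *tlv, size_t n, char *out, size_t out_len)
{
    uint8_t mag[127];
    if (n < 3 || tlv[0] != 0x02 || tlv[1] > 0x7f || tlv[1] + 2u != n)
        return -1;                  /* wrong tag, or length does not match buffer */
    const uint8_t *c = tlv + 2;
    size_t len = tlv[1];
    unsigned neg = c[0] >> 7, carry = neg;  /* negate: invert octets, add 1 */
    for (size_t i = len; i-- > 0; ) {
        unsigned v = (neg ? 0xffu - c[i] : c[i]) + carry;
        mag[i] = (uint8_t)v;
        carry = v >> 8;
    }
    size_t start = 0;
    while (start + 1 < len && mag[start] == 0)
        start++;                    /* drop the padding octet / leading zeros */
    if (out_len < neg + 2 * (len - start) + 1)
        return -1;
    if (neg)
        *out++ = '-';
    for (size_t i = start; i < len; i++)
        out += sprintf(out, "%02x", mag[i]);
    return 0;
}

int main(void)
{
    /* The 2^32-1 request encoding quoted in the comment above. */
    const uint8_t tlv[] = { 0x02, 0x05, 0x00, 0xff, 0xff, 0xff, 0xff };
    char hex[260];
    if (der_int_to_hex(tlv, sizeof tlv, hex, sizeof hex) == 0)
        printf("naive=%d hex=%s\n", (int)naive_int32(tlv + 2, tlv[1]), hex);
    return 0;
}
```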

