[erlang-questions] Unrecognised OID -> fail to decode printableString

Simon MacMullen <>
Tue Apr 9 17:44:31 CEST 2013


With the attached certificate (provided by a user, apparently generated 
by "Red Hat Certificate System 7.3") and R16B:

1> rr(public_key).
[...]

2> {ok, File} = file:read_file("/path/to/cert.pem").
{ok,<<"-----BEGIN CERTIFICATE-----"...>>}

3> [{'Certificate', Cert, _}] = public_key:pem_decode(File).
[{'Certificate',<<48,130,3,178,...>>, not_encrypted}]

4> #'OTPCertificate'{tbsCertificate = #'OTPTBSCertificate'{subject = 
Subject}} = public_key:pkix_decode_cert(Cert, otp).
#'OTPCertificate'{...}

5> Subject.
{rdnSequence,
     [[#'AttributeTypeAndValue'{type = {2,5,4,6},value = "ES"}],
      [#'AttributeTypeAndValue'{
           type = {2,5,4,10},
           value = {printableString,"OMEL"}}],
      [#'AttributeTypeAndValue'{
           type = {2,5,4,11},
           value = {printableString,"OM"}}],
      [#'AttributeTypeAndValue'{
           type = {2,5,4,3},
           value = {printableString,"DSI PRUEBAS"}}],
      [#'AttributeTypeAndValue'{
           type = {0,9,2342,19200300,100,1,1},
           value = <<19,9,68,83,73,83,79,70,84,57,57>>}]]}

Umm, why has the last value not been decoded? According to my very very 
slack knowledge of BER, 19 = printableString, 9 is the length, and the 
rest is the string. And decoding it by hand gives the expected result.

So why does this value not get decoded?

Cheers, Simon

-- 
Simon MacMullen
RabbitMQ, VMware
-------------- next part --------------
-----BEGIN CERTIFICATE-----
MIIDsjCCApqgAwIBAgICBr0wDQYJKoZIhvcNAQEFBQAwKzEYMBYGA1UEChMPT01F
TCBQS0kgRG9tYWluMQ8wDQYDVQQDEwZvbWVsQ0EwHhcNMTMwNDA4MTAzODI1WhcN
MTMwNDMwMTAzODI1WjBaMQswCQYDVQQGEwJFUzENMAsGA1UEChMET01FTDELMAkG
A1UECxMCT00xFDASBgNVBAMTC0RTSSBQUlVFQkFTMRkwFwYKCZImiZPyLGQBARMJ
RFNJU09GVDk5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQsrz7gJ
cP2kxxtLu4ZozYL/FtIuFG2MqH0jSbztbSnE2ylyOo0sN/yXzeb5kM/gsN+gBgqo
ox4g+2Q13bKUCy/NeCm2O1n/ETf9+H4PDE6/h6NueAv1vSBWZxhGFzAGaRVlid+P
qnja+Jm4fdIl9un2oDcZE3got0KjbGwljl/NiMGlLG52J3+eUiuG+DaAq4toLAlU
KWcuy266M2W1GAVqptA+kh35FNvhiBW5fQhp16hwDevY/91AdCrGu9htUYNmiDVU
KVzZcijiZGDHKYFmYP4L/2Fszz5Pp1NH04kQGU9/O/HYibmhZFd7m2CaV+4RIuFv
Yde5SYJCKrIG9wIDAQABo4GwMIGtMB8GA1UdIwQYMBaAFNbKR4oHY8Fw92anG0vW
rEFeebR4MEAGCCsGAQUFBwEBBDQwMjAwBggrBgEFBQcwAYYkaHR0cDovL0NFUlQx
LU9NLk9NRUwuRVM6OTA4MC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUE
FjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwGQYDVR0RBBIwEIEORFNJU09GVEBQUkIu
RVMwDQYJKoZIhvcNAQEFBQADggEBAHG8Yl27yGjNoZzap5PtEwpRIuBgoiFwyVDX
BL1m7SbgD1bVdwEfCwM9dMZy2kSpxiDgRoh/6M3xQAhU3Z/mppOeBtckTKXWnlkH
HOoE92XwOmkjuz4PSkxrinc50n/NiKPRvxt6K07NAKm+t2n/LopKkiKCYgKIgOi1
U9ONhvUBuP7tAnXjhTMqTl1bg9sNxt+ceI7ucx7NZeAtqnYlh+SrPpMVhWBAZpKs
/kQ0D1VpsyM6qq0+mCCTAHQAZsCErjPb9tjsVKZfOdRAHCD4ASjqaUJos2+f2dzG
P/JUhE/BewPJvWgADBBKwj/IKSLrYYYigzqLlqnmCEDt6Jtrt5Q=
-----END CERTIFICATE-----


More information about the erlang-questions mailing list