Interesting.
Whether it is BER or DER should not matter since they only differ in the
encoding phase
and a BER decoder should , as far as i understand it, dissect DER just
fine.
I have not seen how or what these EXPLICIT tags translate to on the wire.
Do you have an example capture I can look at?
----- Original Message -----
From: "Yaniv Kaul"
Sent: Sunday, May 02, 2004 2:36 AM
Subject: [Ethereal-dev] Question for packet-ber.c gurus
> I'm trying to add support for dissecting X.509 certificates to Ethereal
> (which can then be used in IKE, SSL, anything else that uses them).
> (I know it's DER, not BER, but still).
> I'm having a bit of a trouble with it, I suspect it's due to EXPLICIT
tags.
> From RFC 3280:
> Certificate ::= SEQUENCE {
> tbsCertificate TBSCertificate,
> signatureAlgorithm AlgorithmIdentifier,
> signatureValue BIT STRING }
>
> TBSCertificate ::= SEQUENCE {
> version [0] EXPLICIT Version DEFAULT v1,
> serialNumber CertificateSerialNumber,
>
>
> I tried creating and dissecting it through the following structures:
> static ber_sequence Certificate_sequence[] = {
> { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, 0, dissect_tbsCertificate },
> { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, 0,
> dissect_TBSCertificate_serialNumber },
> ...
>
> and
> static ber_sequence TBSCertificate_sequence[1] = {
> { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG,
> dissect_TBSCertificate_version }
> };
>
> and it seems to work - up to the point that it does not dissect the
> serial number - it hops over it.
> Any ideas?
>
> Do we have anything special for dissecting EXPLICIT tags?
No I dont think so.
