I had mentioned that the attr type/values in the sets in
COST's certificates were not properly lexicographically ordered.
Here's a concrete example from the cost-pem CA's subject DN.
I hope I have not misinterpreted the ASN.1 rules.
. . 30 3a [UNIV 16] constr <58> Here's the SEQUENCE OF RDNs
. . . 31 38 [UNIV 17] constr <56> Here's the SET OF AttrValueAssertion
. . . . 30 09 [UNIV 16] constr <9> All of the following in same SET OF
. . . . . 06 03 [UNIV 6] <3>
55 04 06 U..
. . . . . 13 02 [UNIV 19] <2>
73 65
. . . . 30 09 [UNIV 16] constr <9>
. . . . . 06 03 [UNIV 6] <3>
55 04 0a U..
. . . . . 13 02 [UNIV 19] <2>
73 75 su
. . . . 30 0f [UNIV 16] constr <15>
. . . . . 06 03 [UNIV 6] <3>
55 04 0b U..
. . . . . 13 08 [UNIV 19] <8>
63 6f 73 74 2e 64 73 76 cost.dsv
. . . . 30 0f [UNIV 16] constr <15>
. . . . . 06 03 [UNIV 6] <3>
55 04 03 U..
. . . . . 13 08 [UNIV 19] <8>
63 6f 73 74 2d 70 65 6d cost-pem
Note the DER codings of the last two attr type/values which I will repeat.
They happen to be the same length so no padding is needed.
    30 0f 06 03 55 04 0b 13 08 63 6f 73 74 2e 64 73 76
                      XX
    30 0f 06 03 55 04 03 13 08 63 6f 73 74 2d 70 65 6d
The two differ at the position marked XX. The earlier item has a value
LARGER than the later item, violating the ascending lexicographic
ordering requirement of SET OF's.
The printably encoded certificate I took that from is:
It was taken from the subject DN.
-Ray
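
The ordering check described in the message above, as an added example that is not part of the original post: it splits the SET OF from the dump into its element encodings, compares neighbours as octet strings with the shorter one padded with trailing 0 octets, and reports where the order breaks. The function names are this example's own; it assumes single-octet tags and definite lengths, which is all this DN uses.

```python
# Added example: check the DER SET OF ordering rule on the RDN from the post.
# Assumption: single-octet tags and definite lengths only (enough for this DN).
RDN_SET = bytes.fromhex(  # octets copied from the dump in the post
    "31 38 "
    "30 09 06 03 55 04 06 13 02 73 65 "
    "30 09 06 03 55 04 0a 13 02 73 75 "
    "30 0f 06 03 55 04 0b 13 08 63 6f 73 74 2e 64 73 76 "
    "30 0f 06 03 55 04 03 13 08 63 6f 73 74 2d 70 65 6d"
)

def read_tlv(buf, pos):
    """Return (tag, content_start, end) of the TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not allowed in DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated encoding")
    return tag, pos, pos + length

def set_of_elements(set_der):
    """Split a SET OF into the complete encodings of its elements."""
    tag, pos, end = read_tlv(set_der, 0)
    if tag != 0x31:
        raise ValueError("not a SET OF")
    elems = []
    while pos < end:
        _, _, nxt = read_tlv(set_der, pos)
        elems.append(set_der[pos:nxt])
        pos = nxt
    return elems

def ordering_violations(set_der):
    """Return (index, offset) for each element that sorts above its successor."""
    elems = set_of_elements(set_der)
    width = max(map(len, elems), default=0)
    padded = [e.ljust(width, b"\x00") for e in elems]  # pad shorter with 0 octets
    return [(i, next(k for k in range(width) if a[k] != b[k]))
            for i, (a, b) in enumerate(zip(padded, padded[1:])) if a > b]

def der_reorder(set_der):
    """Re-emit the SET OF with its elements in ascending order."""
    elems = set_of_elements(set_der)
    width = max(map(len, elems), default=0)
    _, start, _ = read_tlv(set_der, 0)
    ordered = sorted(elems, key=lambda e: e.ljust(width, b"\x00"))
    return set_der[:start] + b"".join(ordered)
```

On the octets from the post, `ordering_violations(RDN_SET)` flags the third element at zero-based offset 6, the octet marked XX. A signature computed over the original octets does not cover the output of `der_reorder`.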