Yet another easy fix : 

I am feeling quite silly, but openssl is not that easy...
        -- openssl smime -verify -in test_message.smime -CAfile ./democa/cacert.pem

This will choose the CA file, which is needed to verify that the message was
signed.
Of course, properly configured, openssl should find this automatically,
right?

Anyway I am now getting the message :
Verification Failure
1024:error:2107B084:PKCS7 routines:SMIME_text:mime no content type:.\crypto\pkcs7\pk7_mime.c:343:
1024:error:21075081:PKCS7 routines:PKCS7_verify:smime text error:.\crypto\pkcs7\pk7_smime.c:241:
And that is on the file created by smime itself...

Back to work!

mike


-----Original Message-----
From: Dupont, Michael [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 17 April 2001 13:43
To: '[EMAIL PROTECTED]'
Subject: yet another new user question about SMIME and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY


Hello,
I am a new user to OpenSSL working on S/MIME signing and verification of
emails.

Here is what I have done: 
First I create a ca and request :
        -- CA.pl -newca
        -- CA.pl -newreq
        -- CA.pl -signreq

Then I concat the newreq.pem + newcert.pem to make the testcat.pem. (with
dos)
        -- copy newreq.pem + newcert.pem testcat.pem

Then I create a signed message from the test_message.txt 
        -- openssl smime -sign -signer testcat.pem -in test_message.txt > test_message.smime

When I try and verify a message, it does not know the issuer certificate :
        -- openssl smime -verify -in test_message.smime

The question that I have is about the error code : 
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY

Which produces the error message :
"1676:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:.\crypto\pkcs7\pk7_smime.c:213:Verify error:unable to get local issuer certificate"

Is it caused because the lookup of the certificate is failing?
Is that caused because I have not installed the certificate that signed the
message to be trusted?
What am I doing wrong, and how can I register a pem to be known?

Can anyone assist or point me in the right direction?
Thanks,
Mike
Attached is the test message created :

and following this line : 
---------- CUT ------------
MIME-Version: 1.0
Content-Type: multipart/signed ; protocol="application/x-pkcs7-signature" ;
micalg=sha1 ; boundary="----B0088C00F32A99B56B5136FF0C048D3B"

This is an S/MIME signed message

------B0088C00F32A99B56B5136FF0C048D3B
 This is a test message, it has no meaning other than to test the SMIME
signature feature of OpenSSL. OpenSSL is one of the worlds most trusted
Secure Socket Layer Programs. More information about open ssl is available
on http://www.openssl.org/. It was signed using openssl version 0.9.6. The
command used was "openssl smime sign". The certificate used to sign was
created by test certificate authority, you should not trust the test
certificate authority because it is not a public authority. We will have to
get a certificate from an external certificate authority for real security.
It was send using Perl Binary build 623 provided by ActiveState Tool Corp.
http://www.ActiveState.com. The module used was  Net::SMTP version 2.15. The
mail relay server was devfp0.wcom.de [170.127.144.70]). You should be able
to verify that the message has not been modified.  Michael DuPont ++4969
97268-165 De-SoftDev Country Applications Europe MCI Worldcom GmbH
Brönnerstr. 15  60313 Frankfurt am Main, Germany  
------B0088C00F32A99B56B5136FF0C048D3B
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

------B0088C00F32A99B56B5136FF0C048D3B--
---------- CUT ------------

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
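
The failure and the fix discussed in this thread, as an added example that is not part of the original posts: a throwaway CA issues a signer certificate, a message is signed, and verification is run without and with `-CAfile`. It assumes a current `openssl` command line, builds the CA with `openssl req`/`openssl x509` instead of `CA.pl`, and passes the signer key with `-inkey` instead of a concatenated `testcat.pem`; all subjects and the `demo.cnf` file are constructed for the demo.

```shell
#!/bin/sh
# Added example; every file name and subject below is constructed for the demo.
smime_demo_setup() {            # $1 = empty scratch directory
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed test CA, standing in for ./democa/cacert.pem.
    openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null || return 1
    # Signer key and certificate request.
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=Demo Signer" \
        -keyout "$d/newkey.pem" -out "$d/newreq.pem" 2>/dev/null || return 1
    # The test CA issues the signer certificate.
    openssl x509 -req -in "$d/newreq.pem" -days 2 -CAcreateserial \
        -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
        -out "$d/newcert.pem" 2>/dev/null || return 1
    printf 'This is a test message.\n' > "$d/test_message.txt"
    openssl smime -sign -signer "$d/newcert.pem" -inkey "$d/newkey.pem" \
        -in "$d/test_message.txt" -out "$d/test_message.smime" 2>/dev/null
}

# No -CAfile: the issuer is looked up in the default trust store only.
verify_default() {
    openssl smime -verify -in "$1/test_message.smime" -out /dev/null 2>&1
}

# -CAfile names the test CA as a trust anchor for this one verification.
verify_with_ca() {
    openssl smime -verify -in "$1/test_message.smime" \
        -CAfile "$1/cacert.pem" -out /dev/null 2>&1
}

demo_dir=$(mktemp -d) && smime_demo_setup "$demo_dir" || exit 1
verify_default "$demo_dir" | tail -n 1   # fails: issuer not found
verify_with_ca "$demo_dir"               # succeeds
rm -rf "$demo_dir"
```

For a CA to be found without `-CAfile`, it has to be in the default store under the directory printed by `openssl version -d` (`cert.pem`, or hashed entries in `certs/`).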
