[EMAIL PROTECTED] wrote:
Hi all,
I am trying to ask an OCSP responder for the status of some certificates using
openssl as OCSP client.
Doing that, the client produces the following messages:
-----------------------------------------------------------------------------------------------
C:\Programme\OpenSSL\bin>openssl ocsp -issuer c:\Programme\OpenSSL\bin\certs\cert.pem -serial 1123 -url http://161.90.190.254:2560 -verify_other c:\Programme\OpenSSL\bin\certs\ocsp.pem -trust_other
Response Verify Failure
2492:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:.\crypto\rsa\rsa_pk1.c:100:
2492:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:.\crypto\rsa\rsa_eay.c:699:
2492:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:.\crypto\asn1\a_verify.c:168:
2492:error:27069075:OCSP routines:OCSP_basic_verify:signature failure:.\crypto\ocsp\ocsp_vfy.c:98:
1123: revoked
This Update: Mar 30 15:51:13 2007 GMT
Next Update: Apr 2 10:33:23 2007 GMT
Revocation Time: Mar 30 15:00:00 2007 GMT
-----------------------------------------------------------------------------------------------
What will openssl tell me? What's going wrong here? Any ideas?

The signature within the OCSP response seems to be broken,
or a wrong public key is used when openssl tries to verify
it (if the response contains the hash of the OCSP signer's
public key, this should be rather unlikely).
Nils
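
An added illustration of the reply above (not part of the original thread and not OpenSSL's code): a toy PKCS#1 v1.5 signature check showing why verifying with a key other than the signer's, or verifying a corrupted signature value, ends in "block type is not 01", while altered response data under the correct key fails later at the digest comparison. The keys, the sample data, the function names and every status string except "block type is not 01" are assumptions made for this example.

```python
import hashlib

# Constructed toy keys (not from the thread): 512-bit moduli built from
# well-known primes. Far too small for real use.
E = 65537
P_A, Q_A = 2**255 - 19, 2**256 - 2**32 - 977
N_A = P_A * Q_A                            # key that really signed the data
D_A = pow(E, -1, (P_A - 1) * (Q_A - 1))    # its private exponent
N_B = (2**256 - 2**224 + 2**192 + 2**96 - 1) * \
    0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
K = 64                                     # modulus length in bytes (both keys)

# DER DigestInfo prefix for SHA-1 (RFC 8017, section 9.2)
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
RESPONSE = b"constructed stand-in for the signed OCSP response data"


def sign(data: bytes) -> int:
    """Build 00 01 FF..FF 00 DigestInfo and apply the RSA private operation."""
    t = SHA1_PREFIX + hashlib.sha1(data).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), D_A, N_A)


def verify(sig: int, data: bytes, n: int) -> str:
    """Apply the RSA public operation, then check padding before the digest."""
    em = pow(sig, E, n).to_bytes(K, "big")
    if em[:2] != b"\x00\x01":
        # A wrong key or damaged signature yields a random-looking block,
        # so the check already fails on the block type byte.
        return "block type is not 01"
    sep = em.find(b"\x00", 2)
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return "bad padding"
    if em[sep + 1:] != SHA1_PREFIX + hashlib.sha1(data).digest():
        return "digest mismatch"
    return "ok"


if __name__ == "__main__":
    s = sign(RESPONSE)
    print("signer's key      :", verify(s, RESPONSE, N_A))
    print("other key         :", verify(s, RESPONSE, N_B))
    print("corrupt signature :", verify(s ^ 1, RESPONSE, N_A))
    print("altered data      :", verify(s, RESPONSE + b"x", N_A))
```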