Solved !
I forgot to call SSLeay_add_all_algorithms();
... a summer youthful folly :-)
Flt
Il giorno sab, 02/08/2008 alle 11.43 +0200, .:: Francesco la Torre ::.
ha scritto:
> On sab, 2008-08-02 at 02:04 -0700, Kyle Hamilton wrote:
> > The verify(1ssl) man page has descriptions of these error codes. 7 is
> > "X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure",
> > which is described as: the signature of the certificate is invalid.
> >
> > I would presume that this is because the signature cannot be verified
> > with the public key that it's said to be verifiable with -- i.e., the
> > data in one of the certificates has been modified since it was signed
> > (and thus, the signature has been invalidated).
> >
>
> You're true, but I used the "stange" abjective because if I try to
> verify the certificate from command line
>
> openssl verify -CAfile /home/frank/test/test-CA/calist.pem cert.pem
>
> The output is :
>
> cert.pem: OK
>
> so both certificates are valid.
>
> Regards,
> Flt
>
> > -Kyle H
> >
> > On Fri, Aug 1, 2008 at 5:15 PM, .:: Francesco la Torre ::.
> > <[EMAIL PROTECTED]> wrote:
> > > On sab, 2008-08-02 at 00:21 +0200, .:: Francesco la Torre ::. wrote:
> > >
> > > One mistake is here even if there were not compilation error
> > >
> > >> and also add this line to the main
> > >> X509_STORE_set_verify_cb_func(&ca_ctx,cb);
> > >>
> > >
> > > the correct code block is :
> > >
> > > ...
> > > /* load CA cert store */
> > > if (!(CAcerts = X509_STORE_new())) {
> > > printf ("\nError1\n");
> > > }
> > > ---> X509_STORE_set_verify_cb_func(CAcerts,cb);
> > > ...
> > >
> > >
> > >
> > >> but the result is always the same :
> > >>
> > >
> > > Not always the boring "Verification error: certificate signature
> > > failure"
> > >
> > > But a new strange error :
> > >
> > >
> > > /C=IT/ST=Italy/O=IIT-CNR/OU=lab18/CN=ubuntu-ser/[EMAIL PROTECTED]
> > > error 7 at 1 depth lookup:certificate signature failure
> > > Verification error: 0
> > >
> > >
> > > I've tried to find any kind of reference for this kind of error but
> > > google returns not a very good help.
> > >
> > > In various forum/mailing list this is _classified_ as *quite strange*
> > > error ... is it possible ?
> > >
> > > Thanks in advance,
> > > Flt
> > >
> > >
> > > ______________________________________________________________________
> > > OpenSSL Project http://www.openssl.org
> > > User Support Mailing List openssl-users@openssl.org
> > > Automated List Manager [EMAIL PROTECTED]
> > >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List openssl-users@openssl.org
> > Automated List Manager [EMAIL PROTECTED]
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
