On Mon, Sep 14, 2009, Frank Mcgeough wrote:
I'm using openssl on a Symbian device. I load in my own certificate
file
and am able to verify my server connection. However, on a newer
device (
brand new ) there has been a change in what is provided in the
openssl dll
(I can see a byte level difference) and now I am getting an error
when I
attempt to verify the server. The error that I get back is :
error:04077064:rsa routines:RSA_verify:algorithm mismatch
I'm going to have to compile openssl for myself in order to step
through
the code. What I'm looking for is any help in understanding why
this would
happen. The code was working before and on a newer device it suddenly
fails. Would this indicate that something has been removed from the
newer
openssl
dll?
I'm not sure what you mean by "verify the server". Do you mean an
SSL/TLS
connection or some other protocol?
Apologies for being obtuse. I mean certificate validation if that is
clearer. I want to ensure that the server that I'm trying to connect
to is the one that I'm actually connected to.
Yes. Its SSL/TLS, a HTTPS connection to the server. I load in my
trusted certificates from a file in PEM format with :
SSL_CTX_load_verify_locations. Then start a session with the server. I
see the server send its certificate. It looks fine (using wireshark).
RSA_verify just rejects it for some reason.
That error is caused by an invalid RSA signature format, as opposed
to the
signature just failing. If you log the signature and public key used
to a
file it could be analysed.
I'm using libcurl which in turn uses openssl. I'll try and figure out
what to look at in RSA_verify once I can get openssl compiled for
Symbian.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
