Il 20/07/2011 08:44, Mailing List SVR ha scritto:
Hi,
openssl seems unable to verify the attacched sod.pem, other pem file
works fine there is something strange with the one attached, attached
is also the binary cert from which I extracted the pem, I have the
following:
openssl smime -verify -in sod.pem -inform pem -noverify > sod.data
Verification failure
2538:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer
certificate not found:pk7_smime.c:378:
my problem seems similar to the one described here:
http://old.nabble.com/Problem-with-verifying-of-PKCS7-structure-signed-with-ECDSA-certificate-td27717780.html
yes the problem is the dsn order:
openssl cms -cmsout -in EF_SOD.PEM -inform PEM -noout -print|grep issuer:
issuer: C=IT, O=MINISTERO DELL'INTERNO, OU=PE,
CN=CERTIFICATION AUTHORITY
issuer: CN=CERTIFICATION AUTHORITY, OU=PE, O=MINISTERO
DELL'INTERNO, C=IT
so the order of the id of the signer is reverted in the id of the
certificate, can you please point me to the specs that said that the dsn
order must be the same?
thanks
Nicola
however the attached certificate was issued by my country (Italy) and
I'm sure other software are able to verify it so this seems an openssl
bug,
any help would be appreciated,
thanks
Nicola
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
