On Wed, Jul 20, 2011, Mailing List SVR wrote: > Il 20/07/2011 08:44, Mailing List SVR ha scritto: > >Hi, > > > >openssl seems unable to verify the attacched sod.pem, other pem > >file works fine there is something strange with the one attached, > >attached is also the binary cert from which I extracted the pem, I > >have the following: > > > >openssl smime -verify -in sod.pem -inform pem -noverify > sod.data > >Verification failure > >2538:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer > >certificate not found:pk7_smime.c:378: > > > >my problem seems similar to the one described here: > > > >http://old.nabble.com/Problem-with-verifying-of-PKCS7-structure-signed-with-ECDSA-certificate-td27717780.html > > > > yes the problem is the dsn order: > > openssl cms -cmsout -in EF_SOD.PEM -inform PEM -noout -print|grep issuer: > issuer: C=IT, O=MINISTERO DELL'INTERNO, OU=PE, > CN=CERTIFICATION AUTHORITY > issuer: CN=CERTIFICATION AUTHORITY, OU=PE, O=MINISTERO > DELL'INTERNO, C=IT > > > so the order of the id of the signer is reverted in the id of the > certificate, can you please point me to the specs that said that the > dsn order must be the same? >
Many places including the DN comparision algorithm description of RFC3280. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
