Il 20/07/2011 17:06, Dr. Stephen Henson ha scritto:
On Wed, Jul 20, 2011, Mailing List SVR wrote:
Il 20/07/2011 08:44, Mailing List SVR ha scritto:
Hi,
openssl seems unable to verify the attacched sod.pem, other pem
file works fine there is something strange with the one attached,
attached is also the binary cert from which I extracted the pem, I
have the following:
openssl smime -verify -in sod.pem -inform pem -noverify> sod.data
Verification failure
2538:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer
certificate not found:pk7_smime.c:378:
my problem seems similar to the one described here:
http://old.nabble.com/Problem-with-verifying-of-PKCS7-structure-signed-with-ECDSA-certificate-td27717780.html
yes the problem is the dsn order:
openssl cms -cmsout -in EF_SOD.PEM -inform PEM -noout -print|grep issuer:
issuer: C=IT, O=MINISTERO DELL'INTERNO, OU=PE,
CN=CERTIFICATION AUTHORITY
issuer: CN=CERTIFICATION AUTHORITY, OU=PE, O=MINISTERO
DELL'INTERNO, C=IT
so the order of the id of the signer is reverted in the id of the
certificate, can you please point me to the specs that said that the
dsn order must be the same?
Many places including the DN comparision algorithm description of RFC3280.
Sorry can you point me to the exact paragraph, I read 4.1.2.4 and
5.1.2.3 but the comparision seems to happen on the contents of the
issuer field and not the order,
thanks
Nicola
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
