On Wed, Jun 06, 2012, Vladimir Belov wrote: > Hello. > > OCSP_basic_verify failed(returns -1) although "openssl ocsp -respin > ..." show "Response verify OK" with the same OCSP response and root > CAs. > > I attached to this email the ZIP and TAR archives with OCSP > response, the checked certificate, it's issuer > certificate(VeriSignClass3ExtendedValidationSSLSGCCA.pem) and root > certs of CAs. > The checked certificate is certificate of the web-site www.verisign.com. I > use OpenSSL 1.0.0e. > > OCSP_basic_verify failed(return -1) with next errors: > 4064:error:0D0C50A1:lib(13):func(197):reason(161):.\crypto\asn1\a_verify.c:150: > 4064:error:27069075:lib(39):func(105):reason(117):.\crypto\ocsp\ocsp_vfy.c:98: > > I debuged this situation and found that this happens because > EVP_get_digestbyname for argument "name"="SHA1" returns "NULL"! >
Perhaps: http://www.openssl.org/support/faq.html#PROG8 Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
