On Fri, Mar 15, 2013, Tim Tassonis wrote:

> Hi
> 
> I am trying to generate a csr in a c program by having the signing
> part done by pkcs11 calls, and while I get no errors, the resulting
> csr fails upon validation:
> 

Analysing that CSR, the actual signature isn't in the correct form: it just
contains the raw SHA1 digest instead of the required DigestInfo structure.

You can check that using rsautl in a manner similar to that for certificates
mentioned in the manual page.

However:

> 
>       sign_mechanism.mechanism = CKM_SHA1_RSA_PKCS;

That mechanism *should* produce a signature in the correct format, so possibly
a problem with the PKCS#11 library?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
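
The check described in the message above, as an added example that is not part of the original post or of OpenSSL: once the signature has been recovered with the public key, the PKCS#1 v1.5 block should hold a SHA-1 DigestInfo (35 bytes), not a bare 20-byte digest. The names classify_em and build_em and the sample blocks are hypothetical and constructed for illustration.

```c
/* Added example: classify the block recovered from an RSA PKCS#1 v1.5
 * signature (00 01 FF..FF 00 || T) by what the payload T contains. */
#include <stdio.h>
#include <string.h>

/* DER prefix of a SHA-1 DigestInfo; the 20-byte digest follows it. */
static const unsigned char SHA1_DI_PREFIX[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };

enum em_kind { EM_BAD_PADDING, EM_DIGESTINFO_SHA1, EM_RAW_SHA1_DIGEST, EM_OTHER };

enum em_kind classify_em(const unsigned char *em, size_t len)
{
    size_t i = 2;
    if (len < 11 || em[0] != 0x00 || em[1] != 0x01)
        return EM_BAD_PADDING;
    while (i < len && em[i] == 0xff)
        i++;
    /* Need at least eight FF bytes, then the 00 separator. */
    if (i - 2 < 8 || i >= len || em[i] != 0x00)
        return EM_BAD_PADDING;
    i++;
    if (len - i == 35 && memcmp(em + i, SHA1_DI_PREFIX, 15) == 0)
        return EM_DIGESTINFO_SHA1;      /* what the mechanism should produce */
    if (len - i == 20)
        return EM_RAW_SHA1_DIGEST;      /* the fault described for this CSR */
    return EM_OTHER;
}

/* Build a constructed 128-byte (RSA-1024 sized) block around payload t. */
void build_em(unsigned char em[128], const unsigned char *t, size_t tlen)
{
    memset(em, 0xff, 128);
    em[0] = 0x00; em[1] = 0x01;
    em[128 - tlen - 1] = 0x00;
    memcpy(em + 128 - tlen, t, tlen);
}

int main(void)
{
    unsigned char digest[20], di[35], em[128];
    memset(digest, 0xab, sizeof digest);        /* constructed digest value */
    memcpy(di, SHA1_DI_PREFIX, 15);
    memcpy(di + 15, digest, 20);
    build_em(em, di, sizeof di);
    printf("DigestInfo block -> %d\n", classify_em(em, sizeof em));
    build_em(em, digest, sizeof digest);
    printf("raw digest block -> %d\n", classify_em(em, sizeof em));
    return 0;
}
```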
