On Thu, Nov 14, 2013, Dimitrios Apostolou wrote:

> some time now I'm having problems with X509_verify() from
> openssl-1.0.0-27.el6_4.2.i686 shipped with latest RHEL 6. The
> problem is that a self-signed certificate that I generate and verify
> on the server side, fails to verify on the client side after the TLS
> handshake.
>
> Since this works fine with latest OpenSSL I assumed it's a bug in
> OpenSSL and did a git-bisect. The commit that fixes it seems to be:
>
>
> commit 39239280f3576f3418dadbf751bc7a2bb3252d4e
> Author: Dr. Stephen Henson <st...@openssl.org>
> Date: Sun Oct 3 18:58:09 2010 +0000
>
> This commit contains the following description in CHANGES:
>
> + *) Don't reencode certificate when calculating signature: cache and use
> + the original encoding instead. This makes signature verification of
> + some broken encodings work correctly.
>
>
> Can you please explain to me what a "broken" encoding is, and how I
> might be using it? How can I self-sign a certificate that can be
> verified in old versions as well?
>

When a certificate is parsed various fields are decoded. Before this change
when a signature was verified it was re-encoded. Any discrepancy between the
original encoding and the re-encoded version would result in a signature
failure. This can happen for all sorts of reasons, usually violation of DER.

This change stores the original encoding and verifies signatures against that
instead of re-encoding.

It's not clear how you could create a certificate that violates DER using
OpenSSL, though you're not using a standard version so some bug fixes might be
missing. Can you send a sample certificate that fails signature verification
in the way you describe?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
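
The effect described in the reply above, as an added example that is not part of the original thread and not OpenSSL code: a minimal TLV decoder and DER re-encoder showing why verifying over re-encoded bytes fails for a non-DER input while verifying over the cached original bytes succeeds. The sample structures are constructed, a SHA-256 digest stands in for the signature, and only single-byte tags are handled.

```python
import hashlib

def read_tlv(buf, pos=0):
    """Parse one BER/DER TLV (single-byte tags only); return (node, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: low 7 bits = number of length bytes
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length not handled")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    if not tag & 0x20:                     # primitive: keep content bytes
        return (tag, bytes(buf[pos:end])), end
    children = []                          # constructed: decode nested TLVs
    while pos < end:
        child, pos = read_tlv(buf, pos)
        children.append(child)
    if pos != end:
        raise ValueError("child overruns parent")
    return (tag, children), end

def encode_der(node):
    """Re-encode a decoded node with DER's minimal length form."""
    tag, value = node
    body = b"".join(map(encode_der, value)) if isinstance(value, list) else value
    if len(body) < 0x80:
        length = bytes([len(body)])
    else:
        raw = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def digest(data):
    """Stand-in for the signature: SHA-256 over the bytes the signer emitted."""
    return hashlib.sha256(data).digest()

def verify_reencoded(signed_bytes, sig):   # behaviour before the change
    return digest(encode_der(read_tlv(signed_bytes)[0])) == sig

def verify_cached(signed_bytes, sig):      # behaviour after the change
    return digest(signed_bytes) == sig

# Constructed sample: SEQUENCE { INTEGER 42, UTF8String "test" }
SERIAL = b"\x02\x01\x2a"
STRICT = b"\x30\x09" + SERIAL + b"\x0c\x04test"       # valid DER
SLOPPY = b"\x30\x0a" + SERIAL + b"\x0c\x81\x04test"   # length 4 in long form: BER, not DER
```

Both inputs decode to the same fields, so the difference is invisible after parsing; only the byte-level encoding the signer hashed distinguishes them.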