On Fri, Dec 04, 2020 at 01:54:53PM +0000, Stuart Henderson wrote: > On 2020/12/04 12:21, avv. Nicola Dell'Uomo wrote: > > Hi, > > > > when I try to verify an email in 6.8 GENERIC.MP#206 amd64, I get the > > following error: > > > > openssl smime -verify -in /path/to/file.eml > > Verification failure > > 5943599477968:error:21FFF075:PKCS7 routines:CRYPTO_internal:certificate > > verify error:/usr/src/lib/libcrypto/pkcs7/pk7_smime.c:340:Verify > > error:permitted subtree violation > > > > The same (just a different number) with: > > > > opessnl cms -verify -in /path/to/file.eml > > > > With other version of ssl the file verifies just fine. > > > > Is this due to new bounds and checks in libressl? > > > > It might be helpful to include the file; I just tried (-current and > 6.8) with a random smime-signed mail and it worked for me. >
Indeed, since the error in question points at a name constraint violation in one of signing certificates being used.
