Package: openssl Version: 0.9.8o-4 Severity: normal
If I make a simple message: ---cut here 8><--- Content-Type: application/octet-stream Content-Transfer-Encoding: 8bit BINARY DATA ---cut here 8><--- (note lines end in LF, not CRLF) and sign it as so: openssl smime -sign -binary -in zz-in -out zz-out \ -signer as2.crt -inkey as2.key (note I asked for -binary) Then it is impossible to verify the message: openssl smime -verify -binary -in zz-out -noverify \ -certfile as2.crt -inform smime | cat -vet Verification failure 21148:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:948: 21148:error:21075069:PKCS7 routines:PKCS7_verify:signature failure:pk7_smime.c:312: Content-Type: application/octet-stream^M$ Content-Transfer-Encoding: 8bit^M$ ^M$ BINARY DATA^M$ ^M$ It seems that the -verify code doesn't know how to do -binary. If I sign without -binary and verify with or without -binary then the verification works, but my binary data is corrupted by replacing all LF's with CRLF. -- System Information: Debian Release: 6.0 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openssl depends on: ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libssl0.9.8 0.9.8o-4 SSL shared libraries ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime openssl recommends no packages. Versions of packages openssl suggests: ii ca-certificates 20090814+nmu2 Common CA certificates -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org