Hi Dalini,

I have now a fix for the problem but it requires again the test of CSR and CRR signing. It looks like the browsers have problems with LF. I updated HTML.pm so that it replaces now LF always by CRLF. The result is that verifySignature has no longer any problems with test_cert.

Our requests looks now a little bit ugly because they contain data now with CRLF inside. I tried to find out what is with a single LF if I sign the string "test\ntest" but I didn't find the string which SECCLAB signed. The following things does not work:

test\ntest
test\r\ntest
testtest
test test

If somebody knows what happens with the LF then we can fix the problem but I think the best solution is to always send CRLF. If we do this then we have a clear situation if we search for errors.

I commit the patch for HTML.pm in some minutes.

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice            Tel.: +49 (0)30-2093 2482
(Computing Centre)                        Fax:  +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                                       http://www.openca.org



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel

Reply via email to