Guys,
On Tuesday 06 July 2004 15:45, Michael Bell wrote:
I commited a second big bugfix today which should now fix the problem with the signature verification for roles and PIN (CRINs) too. I worked some time ago on a telco software and remembered me that the linebreak of http is \r\n.
I have just been and checked out a fresh CVS version, installed it and I am still getting the same signing verification problems in Signing a CSR and User "testing a certificate". I am using IE 6. The error I see is:
Error 6206 General Error. Cannot build PKCS#7-object from extracted signature! OpenCA::PKCS7 returns errorcode 7911031 (OpenCA::PKCS7->new: Cannot initialize signature (7912021). OpenCA::PKCS7->initSignature: Cannot parse signature (7921021). OpenCA::PKCS7->getParsed: The crypto-backend cannot verify the signature (7742075). OpenCA::OpenSSL->verify: openca-sv failed. [Info]: PKCS#7 object loaded. [Info]: Data is ready for verification. [Info]: Signature Informations (PKCS#7): [Info]: Signature is corrupt. Errorcode -1. [Error]: error:04077068:rsa routines:RSA_verify:bad signature [Info]: Input file intialized. [Info]: Signaturefile initialized. [Info]: Reading Certificate file. depth:1 serial:00 subject:[EMAIL PROTECTED],CN=diginus development,O=diginus,C=GB depth:0 serial:07 subject:serialNumber=7,CN=CA Admin,OU=Trustcenter,O=Diginus,C=GB signature:error:-1 )..
I think Michael you fixed this, is it just me ? Or are other people still seeing this problem ?
I have the same problem here: Signing of CSR, CRR don't work correctly.
Example view the CRR there is Invalid signature reported.
Browser message:
Error 560
General Error. Signature Object not returned, check the openca-verify command. Cannot build PKCS#7-object from extracted signature!
OpenCA::PKCS7 returns errorcode 7911031 (OpenCA::PKCS7->new: Cannot initialize signature (7912021). OpenCA::PKCS7->initSignature: Cannot parse signature (7921021). OpenCA::PKCS7->getParsed: The crypto-backend cannot verify the signature (7742075). OpenCA::OpenSSL->verify: openca-sv failed. [Info]: PKCS#7 object loaded.
[Info]: Data is ready for verification.
[Info]: Signature Informations (PKCS#7):
[Info]: Signature is corrupt. Errorcode -1.
[Error]: Digest mismatch. Signature is wrong.
[Info]: Input file intialized.
[Info]: Signaturefile initialized.
[Info]: Reading Certificate file.
depth:1 serial:00 subject:CN=United Internet CA,OU=PKI,O=United Internet,C=DE
depth:0 serial:01 subject:serialNumber=1,CN=Michael Konietzka,OU=Schlund,O=United Internet,C=DE
signature:error:-1
)..
What works well is "test certifcate" on pub interface. This signature is reported valid.
I use mozilla1.7(de-AT) with builtin-crypto with latest cvs.
Another crypto bug is in on the CA-Interface: Information->CA-certificates leeds to following error:
Error Invalid signature of the role of the user 13895de454b0286e0808ae49eb8d902d. (Hackers on the Road?) The errorcode from the cryptoshell is 7742075. OpenCA::OpenSSL->verify: openca-sv failed. Error]: error:0906D06C:PEM routines:PEM_read_bio:no start line
General Error. 6295030.
CRL seems not work correct with this CVS, upload of approved CSR is not working after i issued the first certificate.
Not my day ...
Regards Michael
-- Dipl.-Inform. Michael Konietzka Schlund + Partner AG
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
