Re: [OpenCA-Devel] Verification Problems - current state

[Michael Bell]

Michael Konietzka wrote:
I have the same problem here:
Signing of CSR, CRR  don't work correctly.
Example view the CRR  there is Invalid signature reported.
Browser message:
            Error 560
                  General Error. Signature Object not returned, check 
the openca-verify command. Cannot build PKCS#7-object from extracted 
signature!
                  OpenCA::PKCS7 returns errorcode 7911031 
(OpenCA::PKCS7->new: Cannot initialize signature (7912021). 
OpenCA::PKCS7->initSignature: Cannot parse signature (7921021). 
OpenCA::PKCS7->getParsed: The crypto-backend cannot verify the signature 
(7742075). OpenCA::OpenSSL->verify: openca-sv failed. [Info]: PKCS#7 
object loaded.
                  [Info]: Data is ready for verification.
                  [Info]: Signature Informations (PKCS#7):
                  [Info]: Signature is corrupt. Errorcode -1.
                  [Error]: Digest mismatch. Signature is wrong.
                  [Info]: Input file intialized.
                  [Info]: Signaturefile initialized.
                  [Info]: Reading Certificate file.
                  depth:1 serial:00 subject:CN=United Internet 
CA,OU=PKI,O=United Internet,C=DE
                  depth:0 serial:01 subject:serialNumber=1,CN=Michael 
Konietzka,OU=Schlund,O=United Internet,C=DE
                  signature:error:-1
                  )..
I commited some seconds ago the next patch for crypto-utils.lib and 
REQ.pm. This patch fixes several \n and \r\n issue which break the 
verification. The only interesting question is now where the system is 
broken now.

The problems with the CA certificate are commented in the BTS on 
sourceforge. Perhaps I can take a look on it tomorrow.

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice            Tel.: +49 (0)30-2093 2482
(Computing Centre)                        Fax:  +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                                       http://www.openca.org

-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel