Re: [OpenCA-Devel] New Version

Tue, 20 Dec 2005 11:43:07 -0800 

Hi, Michael,

Do we have an expert in Visual Basic to fix annoying bug reported by

Johannes Derek on Dec 15 (see below)?

All the best, Sergei


Michael Bell wrote:
Yes, I will check the translations from Peter tomorrow morning/afternoon and I think we will release after this. 


============================

OpenCA Version  : snapshot of the 0.9.2 stable branch
Perl Version    : v5.8.4
OpenSSL Version : OpenSSL 0.9.8 05 Jul 2005
Operating System: Debian Sarge
Used Browsers   : IE 6.0 (Firefox 1.5)
Used Language(s): de_DE
Special Changes : utf-8 enabled

Hi,

I am not quite sure whether my problem is a bug in OpenCA or whether I have a 
configuration error.

I have downloaded the snapshot of the 0.9.2 stable branch as described at 
demo2.openca.info and enabled utf-8 support.

When trying to approve a CSR which has german umlauts in the cn (Mäx 
Müstermänn) I get an error if I use the Internet Explorer for signing:

Fehler 6206
Allgemeiner Fehler Es konnte kein PKCS#7-Objekt aus der extrahierten Signatur 
erstellt werden!
OpenCA::PKCS#7 gab den Fehlercode 7911031 zurück (Die Signatur konnte nicht 
initialisiert werden (7912021). Die Signatur eines PKCS#7-Objektes konnte nicht 
ausgewertet werden (7921021). Das kryptographische System konnte die Signatur 
eines PKCS#7-Objektes nicht verifizieren (7742075). OpenCA::OpenSSL->verify: 
openca-sv failed. [Error]: error:04077068:rsa routines:RSA_verify:bad signature
[Info]: Input file intialized.
[Info]: Signaturefile initialized.
[Info]: Reading Certificate file.
[Info]: PKCS#7 object loaded.
[Info]: Data is ready for verification.
[Info]: Signature Informations (PKCS#7):
depth:1 serial:A2C20CF20A68FF42 subject:CN=ELK-WUE Test CA,DC=ELK-WUE,DC=DE
depth:0 serial:01 subject:CN=Derek Test1,DC=ELK-WUE,DC=DE
[Info]: Signature is corrupt. Errorcode -1.
signature:error:-1
).

Signing the same CSR with Mozilla Firefox works.

When I take a look at the temporary files created by OpenSSL->verify the 
xxx_data.tmp file seems to be encoded as UTF-8. After I encode this file as LATIN1 
using iconv the call of openca-sv verify works with the IE signature.
Taking a look at the signForm.vbs Script it seems like the text signed by CAPICOM is intentionally converted to ASCII/LATIN1. If I remove this call to the UnicodeToAscii function the verification of the signature still doesn't work, because the data seems now to be encoded as Unicode. After I convert the new data.tmp file from UTF-8 to UNICODELITTLE with iconv the openca-sv verify command works. 

Now I am not sure whether I have made an error during the setup of the OpenCA 
server or whether this is a bug in the OpenCA utf-8 support.

Do you know how to solve this problem?

Tahnks & Regards
Johannes Derek


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users








-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel

Reply via email to