Hi, we have a problem when sing a CRR, it gives me the follow error:
Error 6206
General Error Cannot build PKCS#7-object from extracted signature!
OpenCA::PKCS7 returns errorcode 7911031 (OpenCA::PKCS7->new: Cannot
initialize signature (7912021). OpenCA::PKCS7->initSignature: Cannot
parse signature (7921021). OpenCA::PKCS7->getParsed: The crypto-backend
cannot verify the signature (7742075). OpenCA::OpenSSL->verify:
openca-sv failed. [Error]: error:04077068:rsa routines:RSA_verify:bad
signature
[Info]: Input file intialized.
[Info]: Signaturefile initialized.
[Info]: Reading Certificate file.
[Info]: PKCS#7 object loaded.
[Info]: Data is ready for verification.
[Info]: Signature Informations (PKCS#7):
depth:1 serial:818C842BA88E78BF
subject:[EMAIL PROTECTED],CN=xxxxxxxx,OU=PKI-PRUEBAS,O=PRUEBAS-xxxxxxx,C=ES
depth:0 serial:03
subject:serialNumber=3,CN=RA-Admin,OU=PKI,O=PRUEBAS-xxxxxxx,C=ES
[Info]: Signature is corrupt. Errorcode -1.
signature:error:-1
).
We have installed OpenCA en Debian testing (Openssl 0.9.8a and Mysql
4.1) with OpenCA 9.2.5 (UTF8) and Openca works in general fine (only
failed sign revocation in RA). The error happen when it use approveCRR,
exactly in.
my $signer = libGetSignatureObject( OBJECT=>$req );
if ( not $signer )
generalError ($errval, $errno);
}
The problem is returned by libGetSignatureObject, I think is possible
that req structure has not been correctly created or malformed because
the similar function in approveCSR works well.
Any idea are welcome.
Regards Pablo.
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
