Michael, while you have the signature verification code open I thought I would also bring this to your attention...
The main use I make of signatures in OpenCA is to sign approvals so I can use the CA Batch Processor to process them. I have installed the patched crypto-utils.lib and PKCS7.pm on the RA and CA. If I look at a signed approval I can see the "Valid Signature Icon". Clicking on the icon I can see the Signer information and the signature is valid, correctly verified and the cert is present in the data base. Cool. If I now run the Batch Processor and select "Issue Certificates", I enter the CA password then get the following error: CSR 1056 ignored becasue the verification of the signer's role failed. Error: 7932021. OpenCA::PKCS7->parseDepth: The chain is not complete. I am sure that the chain is set up correctly a) becasue of the above verification and b) because the chain certs are owned by Apache and I used the CA Initialisation to run the make file. Hopefully this is just another bug in the PKCS7.pm. Chris... ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
