Re: [Openca-Users] Upgrade from 0.9.1-8 and Error 560

Fri, 24 Feb 2006 19:31:06 -0800

can I stored CSR in the other format,not use DOS format?
Where I can change this in the source code?
thanks

 
2006/2/24, Peter Pramberger <[EMAIL PROTECTED]>:
I'm only using Mozilla, no IE/Windows here.  ;-)

All the archived CSR's have been created/signed using Mozilla (Basic Request).
In 0.9.1 the verification always succeeds. In 0.9.2.5, after import, it always
fails with "Digest Mismatch", because the CSR is stored in DOS format in the DB.


Regards,
Peter


郑依华 schrieb:
> maybe you use IE to do the signature or do the verfity,
> you can try the mozilla,maybe it is OK,
> I use IE to do the signature has the same error.
> but mozilla is OK
>
>
>
> 2006/2/24, Peter Pramberger <[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED] >>:
>
>     Hi all!
>
>     I'm currently in the process of upgrading our OpenCA installation
>     from 0.9.1-8
>     to 0.9.2.5 < http://0.9.2.5>. Configuration has been adapted and the
>     database has been reimported.
>     But when displaying the archived CSR's I get
>
>       Cannot build PKCS#7-object from signature!
>
>     in the Operator column and the signature error button appears on the
>     detail
>     page. The error displayed is
>
>       General Error Signature Object not returned, check the
>     openca-verify command.
>       Cannot build PKCS#7-object from extracted signature!
>       OpenCA::PKCS7 returns errorcode 7911031 (OpenCA::PKCS7->new: Cannot
>       initialize signature (7912021). OpenCA::PKCS7->initSignature:
>     Cannot parse
>       signature (7921021). OpenCA::PKCS7->getParsed: The crypto-backend
>     cannot
>       verify the signature (7742075). OpenCA::OpenSSL->verify: openca-sv
>     failed.
>       [Error]: Digest mismatch. Signature is wrong.
>       [Info]: Input file intialized.
>       [Info]: Signaturefile initialized.
>       [Info]: Reading Certificate file.
>       [Info]: PKCS#7 object loaded.
>       [Info]: Data is ready for verification.
>       [Info]: Signature Informations (PKCS#7):
>       depth:1 serial:00 subject:REMOVED
>       depth:0 serial:0E subject:serialNumber=14,CN=CA Administrator,...
>       [Info]: Signature is corrupt. Errorcode -1.
>       signature:error:-1
>       ).
>
>     I've played around a bit and rescued the tempfiles from deletion.
>     When verifying
>     the signature on the command line using
>
>       openca-sv verify -verbose -cf
>     /var/lib/openca/crypto/cacerts/cacert.pem
>       -cd /var/lib/openca/crypto/chain -data 13286.req -in 13286.sig
>
>     I get the same error as above. When I convert the request file to
>     unix format
>     (dos2unix) however the verification succeeds:
>
>       signature:ok:1
>
>     One way to convert the requests would be to untar the database
>     export, convert
>     the requests and retar it before import in the new version. Is there
>     a way to
>     convert the requests in the database (using DBM)?
>
>
>     Regards,
>     Peter
>
>
>
>
>     -------------------------------------------------------
>     This SF.Net email is sponsored by xPML, a groundbreaking scripting
>     language
>     that extends applications into web and mobile media. Attend the live
>     webcast
>     and join the prime developer group breaking into this new coding
>     territory!
>     http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>     < http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642>
>     _______________________________________________
>     Openca-Users mailing list
>     [email protected]
>     <mailto:[email protected]>
>     https://lists.sourceforge.net/lists/listinfo/openca-users



-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmdlnk&kid0944&bid$1720&dat1642
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users



--
Yihua Zheng

Reply via email to