>> As you asked I send you two of
those
>> requests that pass the verification test of SSLeay 0.8.1 but not of
>> OpenSSL 0.9.2b and higher (I didn't test the versions in between).
>I tested DrorReq.pem with SSLeay 0.8.1b (which, I think, is like 0.8.1
>except for a change related to the Bleichenbacher attack on PKCS #1,
>which did not have any effect on any actual computations), and
>verification failed also with that version. Both with 0.8.1b and
>0.9.2b, the hash can be obtained from the RSA signature and has
>correct length etc., but differs from the one computed for
>verification.
>All this seems to suggest that in 0.8.1 there was a platform-specific
>bug in either the encoding functions used by i2d_X509_REQ_INFO (most
>likely in the integer encoding), or in the hash computation. On what
>platform ("Configure" entry) did you compile and use 0.8.1?
I compiled SSLeay/OpenSSL on WIN32 (NT) platform. DrorReq.pem is a
request that SSLeay 0.8.1 generated (including the RSA key pair). I
tried to verify those requests on three other WIN32 systems, and the
result was the same ( OK with 0.8.1 and failure with 0.9.2b and higher
). I tried it also on an older version, 0.6.6b, and the verification was
OK. I download and compiled 0.8.1b and the verification was OK as well.
I tried then to download and compile the versions in between ( 0.9.0b &
0.9.1c ) and see from which one the verification test fails but
unfortunately I was not able to compile any of them on my system due to
the following failure:
in32.asm
The name specified is not recognized as an
internal or external command, operable program or batch file.
NMAKE : fatal error U1077: 'ml' : return code '0x1'
Stop.
begin:vcard
n:Otmi;Dror
tel;home:041/2404310
tel;work:041/7571588
x-mozilla-html:FALSE
adr:;;;;;;
version:2.1
email;internet:[EMAIL PROTECTED]
fn:Dror Otmi
end:vcard
