Mats,

We used the S/MIME Freeware Library to successfully verify the 5.1 and 5.9 samples. We have not tried to use OpenSSL's S/MIME implementation to verify any of the samples.

===========================================
John Pawling, [EMAIL PROTECTED]
Getronics Government Solutions, LLC
===========================================

-----Original Message-----
From: Mats Nilsson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 22, 2001 10:29 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: OpenSSL S/MIME validation against draft-ietf-smime-examples?

Hi

[openssl-0.9.6, WinNT4sp6]

I tried to verify OpenSSL's S/MIME implementation using the sample messages in http://www.ietf.org/internet-drafts/draft-ietf-smime-examples-06.txt

First I ran into problems with their base64 encoding, which was rejected by OpenSSL due to long lines. To make OpenSSL decode these files, I reformatted the contents to fit into the 80 character/line restriction.

Then I tried the tests 5.1 and 5.9 (Basic DH-DSS signed contents, CMS and S/MIME formatted). No matter what I tried (different certificates, different options) I couldn't make OpenSSL verify the document signature. The certificate chain verification works, though.

I tried something like the following (after having converted the supplied certificates to pem):

$ openssl smime -verify -certfiles AliceDss.pem -CAfile CarlDssSelf.pem -in 5.9.eml
This is some sample content.Verification Failure
386:error:0A071003::lib(10) :DSA_do_verify:BN lib:.\crypto\dsa\dsa_ossl.c:288:
386:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature failure:.\cryp
to\pkcs7\pk7_doit.c:815:
386:error:21075069:PKCS7 routines:PKCS7_verify:signature failure:.\crypto\pkcs7\
pk7_smime.c:248:

A side comment, I tried the first basic validation test of the NIST X.509 Path Validation suite (http://csrc.nist.gov/pki/testing/x509paths.html), which works. That one uses RSA.

Has anyone successfully verified the OpenSSL S/MIME implementation with these samples? Are the samples incorrect? Am I using OpenSSL incorrectly?

Regards,
Mats Nilsson

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
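The base64 re-wrapping step described in the original message, as an added example that is not part of the thread and is not OpenSSL or S/MIME Freeware Library code: it re-wraps only the signature part and leaves the signed part untouched, so the workaround cannot itself change what the signature covers. The function names, the 64-column width, the `b1` boundary and the sample bytes are assumptions made for illustration, and the message is assumed to be multipart/signed with LF line endings.

```python
import base64
import re

MAX_LINE = 64  # assumed width, inside the 80 characters/line the post reports


def rewrap_base64(b64_text, width=MAX_LINE):
    """Re-wrap base64 text to `width` columns; the encoded bytes stay the same."""
    compact = re.sub(r"\s+", "", b64_text)
    raw = base64.b64decode(compact, validate=True)  # raises binascii.Error on bad input
    out = base64.b64encode(raw).decode("ascii")
    return "\n".join(out[i:i + width] for i in range(0, len(out), width)) + "\n"


def rewrap_signature_part(eml_text, boundary, width=MAX_LINE):
    """Re-wrap only the pkcs7-signature part of a multipart/signed message.

    The first body part is the data the signature covers, so it is passed
    through byte for byte; only the transfer encoding of the signature changes.
    Assumes LF line endings and a boundary string that does not occur in a body.
    """
    delim = "--" + boundary
    pieces = eml_text.split(delim)
    for i in range(1, len(pieces)):  # pieces[0] holds the top-level headers
        headers, sep, body = pieces[i].partition("\n\n")
        lowered = headers.lower()
        if sep and "pkcs7-signature" in lowered and "base64" in lowered:
            pieces[i] = headers + sep + rewrap_base64(body, width)
    return delim.join(pieces)


# Constructed sample: stand-in bytes, not a real CMS signature or a draft sample.
SAMPLE_SIG = bytes(range(200))
SAMPLE_EML = (
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
    ' micalg=sha1; boundary="b1"\n\n'
    "--b1\n"
    "Content-Type: text/plain\n\n"
    "This is some sample content.\n"
    "--b1\n"
    "Content-Type: application/pkcs7-signature; name=smime.p7s\n"
    "Content-Transfer-Encoding: base64\n\n"
    + base64.b64encode(SAMPLE_SIG).decode("ascii") + "\n"
    "--b1--\n"
)

if __name__ == "__main__":
    print(rewrap_signature_part(SAMPLE_EML, "b1"))
```

If verification still fails after a re-wrap done this way, the line-length workaround is ruled out as the cause, because the decoded signature bytes and the signed part are both unchanged.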
