Hello,
I need to be able to verify different "real world" certificates, some
of them signed using sha{1,256}withRSA, some using
ecdsa-with-SHA{1,256}, and some using rsassaPss.
For the "sha*withRSA" ones, the stable branch is OK.
For the "ecdsa-with-SHA256" ones, I needed to download a development
version (0.9.8 branch doesn't support it).
And, for the "rsassaPss" ones, I needed to export a version dated "7
Feb 2010", and apply the proposed patch (I don't remember the
RT number). I performed a checkout from my local mirror of the OpenSSL
CVS repository (cvs co -D "7 feb 2010" external/openssl).
Applying the patch resulted in a positive and a negative effect:
- I was able to verify the rsassaPss certificates
- I wasn't able to verify ecdsa-with-SHA{1,256} certificates (yes,
even SHA1 ones)
The error I get is the following:
error 7 at 0 depth lookup:certificate signature failure
3085249240:error:1009107F:elliptic curve routines:d2i_ECPKParameters:pkparameters2group failure:ec_asn1.c:1067:
3085249240:error:10090010:elliptic curve routines:d2i_ECParameters:EC lib:ec_asn1.c:1355:
3085249240:error:100D4010:elliptic curve routines:ECKEY_PARAM_DECODE:EC lib:ec_ameth.c:528:
I can provide certificates if necessary (those are passport
certificates from different countries)
--
Erwann ABALEA <[email protected]>
-----
All men can fly, but sadly, only in one direction -- down
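
An added example for reading the error queue quoted in the message above (not part of the original post and not OpenSSL code): it rejoins folded lines and splits each packed error code using the ERR_PACK layout of OpenSSL releases before 3.0. The names `unwrap`, `decode` and `root_cause` are hypothetical, and treating a reason equal to the library number as a propagation marker is an assumption based on the `ERR_R_EC_LIB` convention.

```python
import re

# ERR_PACK layout in OpenSSL releases before 3.0:
# bits 24-31 = library, bits 12-23 = function, bits 0-11 = reason.
FRAME_RE = re.compile(
    r"^(\d+):error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):([^:]*):(\d+):"
)

# The three error-queue lines from the message, folded as a mailer would wrap them.
SAMPLE = """\
3085249240:error:1009107F:elliptic curve
routines:d2i_ECPKParameters:pkparameters2group failure:ec_asn1.c:1067:
3085249240:error:10090010:elliptic curve routines:d2i_ECParameters:EC
lib:ec_asn1.c:1355:
3085249240:error:100D4010:elliptic curve routines:ECKEY_PARAM_DECODE:EC
lib:ec_ameth.c:528:
"""

def unwrap(text):
    """Rejoin entries that were folded across lines."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if re.match(r"^\d+:error:", line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def decode(text):
    """Parse each entry and split its packed code into lib/func/reason."""
    frames = []
    for entry in unwrap(text):
        m = FRAME_RE.match(entry)
        if not m:
            continue  # e.g. the "error 7 at 0 depth lookup" line from verify
        code = int(m.group(2), 16)
        lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
        frames.append({
            "lib": lib, "func": func, "reason": reason,
            "func_name": m.group(4), "reason_text": m.group(5),
            "where": f"{m.group(6)}:{m.group(7)}",
            # Assumption: reason == library number is the generic "<LIB> lib" marker.
            "propagated": reason == lib,
        })
    return frames

def root_cause(frames):
    """First frame carrying a specific reason rather than a propagation marker."""
    return next((f for f in frames if not f["propagated"]), None)
```

Run on the quoted trace, `root_cause(decode(SAMPLE))` points at `d2i_ECPKParameters` in `ec_asn1.c:1067`; the other two entries only report that a deeper EC call failed.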