On Tue, Mar 09, 2010, Erwann ABALEA wrote: > Hodie post. Non. Mar. MMX, Stephen Henson via RT scripsit: > > I've now committed code to the development branch which includes PSS > > signature verification support. I'll look into PSS signing at some point > > too. > > > > Let me know of any problems. > > I can't verify ecdsa-with-SHA256 certificates, the ones transmitted a > few days ago (German passports), with the same error > (d2i_ECPKParameters function). > > The verification of the root against itself is OK, though. >
Well that doesn't check the signature any more unless you include -check_ss_sig > Of course, the verification of a subordinate certificate against the > root is/was OK with the Feb 7 version, without the RSASSA-PSS patch. > That's odd they both verify fine here. Do you have any of the old patch code in place? I ended up using a completely different technique in HEAD. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
