Hodie VII Id. Mar. MMX, Dr. Stephen Henson scripsit: > On Tue, Mar 09, 2010, Erwann ABALEA wrote: > > > I can't verify ecdsa-with-SHA256 certificates, the ones transmitted a > > few days ago (German passports), with the same error > > (d2i_ECPKParameters function). > > > > The verification of the root against itself is OK, though.
> Well that doesn't check the signature any more unless you include > -check_ss_sig Hmmm... Thanks, this option doesn't appear in the help text. > > Of course, the verification of a subordinate certificate against the > > root is/was OK with the Feb 7 version, without the RSASSA-PSS patch. > > That's odd they both verify fine here. > > Do you have any of the old patch code in place? I ended up using a completely > different technique in HEAD. You were right, I certainly still had some of the old patch. With a new version freshly exported and compiled, everything's fine, both RSASSA-PSS and ecdsa-with-SHA256. Thanks. -- Erwann ABALEA <erwann.aba...@keynectis.com> ----- When uncertain, or in doubt, run in circles and scream. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
