I have a certificate (sod.pem) that openssl is unable to verify: openssl smime -verify -in sod.pem -inform pem -noverify > sod.data Verification failure 2538:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer certificate not found:pk7_smime.c:378:
the problem is that the dsn order:
the problem is the dsn order:
openssl cms -cmsout -in sod.pem -inform PEM -noout -print|grep issuer:
issuer: C=IT, O=MINISTERO DELL'INTERNO, OU=PE,
CN=CERTIFICATION AUTHORITY
issuer: CN=CERTIFICATION AUTHORITY, OU=PE, O=MINISTERO
DELL'INTERNO, C=IT
the problem seems quite frequent:
http://old.nabble.com/Problem-with-verifying-of-PKCS7-structure-signed-with-ECDSA-certificate-td27717780.html
and I cannot find specifications that speak about dsn order, so I thinks
this is an openssl bug, some closed software are able to verify the pem
attached,
this bug is present in openssl 1.0.0d and openssl 0.9.8o, no other
versions tested,
regards
Nicola
sod.pem
Description: application/x509-ca-cert
sod.bin
Description: Binary data
