Hello all,
mdc2 algorithm is not listed as enabled by default in 1.0+.
What is current status to this algorithm ?
It seems to me** result of openssl 0.9.8t digest command (*openssl*
*dgst -mdcs2..) *is not compatible with openssl 1.0+ .
Another issue is between 0.9.8, 1.0.0 and upcoming 1.0.1 . If a
certificate use mdcd2 algorithm created by openssl 0.9.8 it could be
verified by 0.9.8 and 1.0.0+ but fail with 1.0.1(stable branch). Same if
for certificates created by 1.0.0+ - verify command succeed with 0.9.8
and 1.0.0+ and fail with 1.0.1. Certificates created with 1.01 could be
verified only with 1.0.1 and verification fail with earlier version.
Issue with certificates apply to CRLs
Regards,
Roumen Petrov
P.S. high level log with test case failure:
=== entering .../origin+x509-7.1x-0.9.8t/...
... testing with OpenSSL 0.9.8t 18 Jan 2012 ...
testid_rsa-rsa_mdc2.crt: OK
... testing with OpenSSL 1.0.0e 6 Sep 2011 ...
testid_rsa-rsa_mdc2.crt: OK
... testing with OpenSSL 1.0.1-beta3-dev xx XXX xxxx ...
140694362371744:error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140694362371744:error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509_SIG
140694362371744:error:0D0C5006:asn1 encoding
routines:ASN1_item_verify:EVP lib:a_verify.c:215:
testid_rsa-rsa_mdc2.crt: C = XX, ST = World, O = OpenSSH Test Team
cyrillic-\D0\90\D0\91\D0\92\D0\93\D0\B0\D0\B1\D0\B2\D0\B3
greek-\CE\91\CE\92\CE\93\CE\94\CE\B1\CE\B2\CE\B3\CE\B4, OU = OpenSSH
Testers cyrillic-\D0\90\D0\91\D0\92\D0\93\D0\B0\D0\B1\D0\B2\D0\B3
greek-\CE\91\CE\92\CE\93\CE\94\CE\B1\CE\B2\CE\B3\CE\B4-2, OU = OpenSSH
Testers cyrillic-\D0\90\D0\91\D0\92\D0\93\D0\B0\D0\B1\D0\B2\D0\B3
greek-\CE\91\CE\92\CE\93\CE\94\CE\B1\CE\B2\CE\B3\CE\B4-1, OU = OpenSSH
Testers cyrillic-\D0\90\D0\91\D0\92\D0\93\D0\B0\D0\B1\D0\B2\D0\B3
greek-\CE\91\CE\92\CE\93\CE\94\CE\B1\CE\B2\CE\B3\CE\B4-3, CN = OpenSSH
RSA test certificate(rsa_mdc2), emailAddress = em...@not.set
error 7 at 0 depth lookup:certificate signature failure
...
=== entering .../origin+x509-7.1x-1.0.0e/...
... testing with OpenSSL 0.9.8t 18 Jan 2012 ...
testid_rsa-rsa_mdc2.crt: OK
... testing with OpenSSL 1.0.0e 6 Sep 2011 ...
testid_rsa-rsa_mdc2.crt: OK
... testing with OpenSSL 1.0.1-beta3-dev xx XXX xxxx ...
140606705821344:error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140606705821344:error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509_SIG
140606705821344:error:0D0C5006:asn1 encoding
routines:ASN1_item_verify:EVP lib:a_verify.c:215:
testid_rsa-rsa_mdc2.crt: C = XX, ST = World, O = OpenSSH Test Team
cyrillic-\D0\90\D0\91\D0\92\D0\93\D0\B0\D0\B1\D0\B2\D0\B3
greek-\CE\91\CE\92\CE\93\CE\94\CE\B1\CE\B2\CE\B3\CE\B4, OU = OpenSSH
Testers cyrillic-\D0\90\D0\91\D0\92\D0\93\D0\B0\D0\B1\D0\B2\D0\B3
greek-\CE\91\CE\92\CE\93\CE\94\CE\B1\CE\B2\CE\B3\CE\B4-2, OU = OpenSSH
Testers cyrillic-\D0\90\D0\91\D0\92\D0\93\D0\B0\D0\B1\D0\B2\D0\B3
greek-\CE\91\CE\92\CE\93\CE\94\CE\B1\CE\B2\CE\B3\CE\B4-1, OU = OpenSSH
Testers cyrillic-\D0\90\D0\91\D0\92\D0\93\D0\B0\D0\B1\D0\B2\D0\B3
greek-\CE\91\CE\92\CE\93\CE\94\CE\B1\CE\B2\CE\B3\CE\B4-3, CN = OpenSSH
RSA test certificate(rsa_mdc2), emailAddress = em...@not.set
error 7 at 0 depth lookup:certificate signature failure
...
=== entering .../origin+x509-7.1x-1.0.1_stable/...
... testing with OpenSSL 0.9.8t 18 Jan 2012 ...
2955:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:tasn_dec.c:1315:
2955:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested
asn1 error:tasn_dec.c:827:
2955:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
lib:a_verify.c:173:
testid_rsa-rsa_mdc2.crt: /C=XX/ST=World/O=OpenSSH Test Team
cyrillic-\xD0\x90\xD0\x91\xD0\x92\xD0\x93\xD0\xB0\xD0\xB1\xD0\xB2\xD0\xB3 greek-\xCE\x91\xCE\x92\xCE\x93\xCE\x94\xCE\xB1\xCE\xB2\xCE\xB3\xCE\xB4
error 7 at 0 depth lookup:certificate signature failure
... testing with OpenSSL 1.0.0e 6 Sep 2011 ...
140412084995744:error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140412084995744:error:0D06C03A:asn1 encoding
routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:831:
140412084995744:error:0D0C5006:asn1 encoding
routines:ASN1_item_verify:EVP lib:a_verify.c:184:
testid_rsa-rsa_mdc2.crt: C = XX, ST = World, O = OpenSSH Test Team
cyrillic-\D0\90\D0\91\D0\92\D0\93\D0\B0\D0\B1\D0\B2\D0\B3
greek-\CE\91\CE\92\CE\93\CE\94\CE\B1\CE\B2\CE\B3\CE\B4, OU = OpenSSH
Testers cyrillic-\D0\90\D0\91\D0\92\D0\93\D0\B0\D0\B1\D0\B2\D0\B3
greek-\CE\91\CE\92\CE\93\CE\94\CE\B1\CE\B2\CE\B3\CE\B4-2, OU = OpenSSH
Testers cyrillic-\D0\90\D0\91\D0\92\D0\93\D0\B0\D0\B1\D0\B2\D0\B3
greek-\CE\91\CE\92\CE\93\CE\94\CE\B1\CE\B2\CE\B3\CE\B4-1, OU = OpenSSH
Testers cyrillic-\D0\90\D0\91\D0\92\D0\93\D0\B0\D0\B1\D0\B2\D0\B3
greek-\CE\91\CE\92\CE\93\CE\94\CE\B1\CE\B2\CE\B3\CE\B4-3, CN = OpenSSH
RSA test certificate(rsa_mdc2), emailAddress = em...@not.set
error 7 at 0 depth lookup:certificate signature failure
... testing with OpenSSL 1.0.1-beta3-dev xx XXX xxxx ...
testid_rsa-rsa_mdc2.crt: OK
...
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
