Hi, thank you, this solves the problem. But why does SSL_library_init() not load all algorithms? Are there any export restrictions?
Thanks,
Dominic

Dominic Wollner
Dipl.-Inf. (FH)
Development & Research Linux
IGEL Technology GmbH

-----Original Message-----
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Friday, 15 February 2013 14:53
To: Dominic Wollner
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2991] Certifacte verification with a RSA-SHA512 hash algorithm fails

On Fri Feb 15 10:24:22 2013, woll...@igel.com wrote:
>
> we are using OpenSSL 0.9.8k. It's not the command line utility.
> We are linking against libcrypto and libssl. We load the CA
> certificates with SSL_CTX_set_default_verify_paths (c_rehash has been
> executed before), disable the automatic verification by setting
> SSL_CTX_set_verify to SSL_VERIFY_NONE, do the handshake with
> BIO_do_handshake, get the server certificate with
> SSL_get_peer_certificate and then verify the certificate by using
> SSL_get_verify_result. The result value of this function is set to
> X509_V_ERR_CERT_SIGNATURE_FAILURE. The problem seems to be the
> signature algorithm which is used: sha512WithRSAEncryption.
>

Are you including a call to OpenSSL_add_all_algorithms() in your
application? SSL_library_init() only adds a subset of supported
signature algorithms and doesn't include SHA512.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org