> Your certificate is expired.

You're right - it was. I was overlooking this because other testing
tools were showing it to be valid.

> Your chain is complete...

Ok. Now I'm testing with a more recent signature, one whose certificate
is not in fact expired. Here's what I see:

------------------------------------------------------------------------

depth=2 /C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
verify return:1

depth=1 /O=VeriSign, Inc./OU=VeriSign Trust Network/OU=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98/CN=VeriSign Class 1 CA Individual Subscriber-Persona Not Validated
verify return:1

depth=0 /O=VeriSign, Inc./OU=VeriSign Trust Network/OU=www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98/OU=Persona Not Validated/OU=Digital ID Class 1 - Microsoft Full Service/CN=Robert [EMAIL PROTECTED]
verify return:1

{ My debug messages here :}
Current signature is bad. 
Signature is *NOT* valid.

2432:error:04077068:rsa routines:RSA_verify:bad signature:.\crypto\rsa\rsa_sign.c:210:
2432:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature failure:.\crypto\pkcs7\pk7_doit.c:806:

------------------------------------------------------------------------

I want to be very sure I understand what I'm seeing, so I apologize if
this is an elementary question: There's a valid chain to the root
certificate for my signing certificate, but the actual signature is bad.
Is this correct?

> In order to help you in testing, I would recommend you to use the
> "openssl verify" command line utility. This way problems with the
> certificates will become independent from problems with your
> implementation.

Neither the detached data nor the signatures are in standard formats, so
there will always be some of my code involved. But I will try to use the
verify tool shortly.

- Bob

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
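
Added example (not part of the original message and not OpenSSL project code): a Python sketch that reads output like the above and separates the per-certificate "verify return" lines from the error-queue lines, decoding each packed error code. It assumes the pre-3.0 OpenSSL layout of 8 bits library, 12 bits function, 12 bits reason; the names triage and unpack are hypothetical, and the sample text is constructed from the quoted output with subject names shortened.

```python
import re

# Constructed sample: the output quoted in the message above, with the
# mail client's hard line wraps removed and subject names shortened.
SAMPLE = r"""depth=2 /C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
verify return:1
depth=1 /O=VeriSign, Inc./CN=VeriSign Class 1 CA Individual Subscriber-Persona Not Validated
verify return:1
depth=0 /O=VeriSign, Inc./OU=Persona Not Validated/CN=signer
verify return:1
2432:error:04077068:rsa routines:RSA_verify:bad signature:.\crypto\rsa\rsa_sign.c:210:
2432:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature failure:.\crypto\pkcs7\pk7_doit.c:806:
"""

DEPTH = re.compile(r"^depth=(\d+) (.*)$")
VERIFY = re.compile(r"^verify return:(\d+)$")
# pid:error:<8 hex digits>:<library>:<function>:<reason>:<file>:<line>:
ERROR = re.compile(r"^(\d+):error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):(.*):(\d+):")

def unpack(code):
    """Split a packed error code as laid out before OpenSSL 3.0
    (assumed here): 8 bits library, 12 bits function, 12 bits reason."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(text):
    chain, errors, depth = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := DEPTH.match(line):
            depth = int(m.group(1))          # remember which certificate follows
        elif (m := VERIFY.match(line)) and depth is not None:
            chain[depth] = int(m.group(1))   # callback result for that depth
            depth = None
        elif m := ERROR.match(line):
            lib, func, reason = unpack(int(m.group(2), 16))
            errors.append({"lib": lib, "func": func, "reason": reason,
                           "where": m.group(4), "text": m.group(5),
                           "source": f"{m.group(6)}:{m.group(7)}"})
    return {"callback_ok": bool(chain) and all(v == 1 for v in chain.values()),
            "chain": chain, "errors": errors}

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("callback returned 1 at every depth:", report["callback_ok"])
    for e in report["errors"]:
        print(f'lib={e["lib"]} func={e["func"]} reason={e["reason"]} '
              f'{e["where"]}: {e["text"]} ({e["source"]})')
```

A "verify return:1" line records only what the verify callback returned for that certificate; the error-queue entries are reported separately, here by RSA_verify and PKCS7_signatureVerify.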
