Hi Steve,
Thanks for your prompt response. I was thinking the same thing, but haven't dealt with the OpenSSL source code for some time, and then only looking through it for curiosity's sake.
I will be installing a new download of the package from SunFreeware.com and testing it on a non-production server.
Do you or any of the team know of problems like this using GCC on Sun/Solaris machines? I was able to pull the following strings from the unstripped openssl executable, and I think it must have been gcc 2.9... (probably 2.95) used for compilation.
The machine currently has gcc 3.2.3 installed (another SunFreeware package) (The reason behind all the packages is that we have several farms of similar servers that all need to be kept as identical as possible)
Regards,
Con.
> At 19:26 10/11/2004 +0100, you wrote:Sounds like the RSA code isn't functioning correctly: possibly due to a bug in the compiler used with that version.
Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
________________________________________________________________________
On Wed, Nov 10, 2004, System Administrator wrote:
> Hi,
>
> I wonder if anyone might be able to shed some light on a very
> strange phenomena we're seeing when we try to generate CSRs.
>
> I can create a key with
> :openssl genrsa ...
> and then I creat a certificate signing request with
> :openssl req -new -key keyfile.key -out csrfile.csr
>
> This goes through the normal questions, and creates the file "csrfile.csr"
> without any complaints.
>
> When I try to use this csr to generate a self-signed certificate I
> invariably
> get "signature did not match the certificate request".
>
> Further investigation leads to the fact that each new repetition of the same
> csr using the same key always produces a different signature on the csr, on
> one server, and yet the same key on a different server ALWAYS produces the
> same
> CSR (given the same DN and so on of course)
>
> The openssl version 0.9.6i was installed on a Solaris 8 sun machine from a
> SunFreeware package.
>
> Does anyone know of a bug that we may have, and where it might be?
>
> I intend to uninstall the package, and replace it with newer one, however
> its on a live production server so downtime is sparse.
>
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email ______________________________________________________________________
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
