On Tue, Aug 09, 2005 at 08:54:44PM +0200, Dr. Stephen Henson wrote: > On Tue, Aug 09, 2005, Peter BENKO,VSE IT > Sluzby,+421-55-610-2045,+421-903-855532 wrote: > > > I have problem with signature verification: > > > > When I try to verify the SMIME signed message (hello.txt.p7m - see > > attachment) with the command: > > openssl smime -verify -in hello.txt.p7m -inform DER -CAfile ca-bundle.crt > > -out /dev/null > > > > I obtain the following error message: > > Verification failure > > 12491:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer certificate > > not found:pk7_smime.c:326: > > > > ... but signer certificate is inside of the SMIME message (together with > > the certificate of Certificate authority). It is possible to verify > > with: > > > > openssl smime -pk7out -in hello.txt.p7m -inform DER -out a.pem > > openssl pkcs7 -in a.pem -print_certs > > ... and you'll see both certificates > > > > So why it's not possible to verify the signature? > > > > Verifies fine here using OpenSSL. What version/platform are you using? Thank you very much. I realized that OpenSSL 0.9.7e is not able to verify this signature and OpenSSL 0.9.7f is.
The reason was in wrong encoding (PRINTABLESTRING, UTF8STRING) of certificates. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Funding needed! Details on homepage. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
