I want to thank everyone who replied for the help.
I figured out what went wrong.

Two things.
The RSA public key wasn't loaded with the correct values.
Thank you for giving a hint about that.

The second thing was the data to verify somehow included the OID of the
signature.
So the second time the OID is in the file. This should've been omitted from
the data, but somehow wasn't.

Thank you all for the help.



On Thu, Nov 28, 2013 at 2:26 PM, Dereck Hurtubise <djhurtub...@gmail.com> wrote:

> It is NTP indicating that this certificate is held by a supposed trusted
> root (authority).
> This is NTP's way of figuring out if the certificate of the subject/issuer
> should be trusted or not.
>
> So they misuse X509 extensions for their own purposes.
>
> This alone is not enough.
> So they also implement a challenge/response scheme that they do after the
> certificates are verified.
>
> Read RFC 5906 (autokey) on the CERT message/exchange for more information
> and why they do this.
> The Trust Root is used in the identity exchange scheme after the CERT
> exchange. Also in the RFC.
>
>
> On Thu, Nov 28, 2013 at 2:07 PM, Walter H. <walte...@mathemainzel.info> wrote:
>
>> Hi,
>>
>> On Wed, November 27, 2013 16:02, Dereck Hurtubise wrote:
>> >             X509v3 Extended Key Usage:
>> >                 Trust Root
>>
>> what is this strange?
>> 'Trust Root' as "Extended Key Usage"?
>>
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@openssl.org
>> Automated List Manager                           majord...@openssl.org
>>
>
>
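
The second problem described in the top message, shown as an added example that is not code from this thread, from OpenSSL or from NTP. It assumes the file is an X.509 certificate, where the signature algorithm OID appears once inside tbsCertificate and a second time in the outer signatureAlgorithm field, and only the DER bytes of tbsCertificate are signed. The certificate bytes, the choice of OID and all function names are constructed for illustration.

```python
import hashlib

# sha256WithRSAEncryption OID (1.2.840.113549.1.1.11) as a DER TLV. The
# algorithm is an assumption; the thread does not name one.
SIG_OID = bytes.fromhex("06092a864886f70d01010b")

def der(tag, body):
    """Encode one DER TLV with a definite (short or long form) length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, off):
    """Return (header_len, total_len) of the TLV that starts at buf[off]."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    hdr, body = 2, buf[off + 1]
    if body >= 0x80:
        n = body & 0x7F
        if n == 0 or off + 2 + n > len(buf):
            raise ValueError("unsupported or truncated length")
        hdr, body = 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")
    if off + hdr + body > len(buf):
        raise ValueError("TLV runs past end of buffer")
    return hdr, hdr + body

def split_certificate(cert):
    """Return (tbsCertificate, signatureAlgorithm, signatureValue) as raw DER."""
    hdr, total = read_tlv(cert, 0)
    if cert[0] != 0x30 or total != len(cert):
        raise ValueError("not a single DER SEQUENCE")
    parts, off = [], hdr
    while off < len(cert):
        _, size = read_tlv(cert, off)
        parts.append(cert[off:off + size])
        off += size
    if len(parts) != 3:
        raise ValueError("expected tbs, signatureAlgorithm, signatureValue")
    return tuple(parts)

# Constructed toy data shaped like a Certificate; not a real certificate.
ALG_ID = der(0x30, SIG_OID + b"\x05\x00")          # AlgorithmIdentifier
TBS = der(0x30, der(0x02, b"\x01") + ALG_ID + der(0x0C, b"x" * 200))
SAMPLE_CERT = der(0x30, TBS + ALG_ID + der(0x03, b"\x00" + b"\xAA" * 128))

def digest_inputs(cert):
    """Digest of the signed region, and of that region with the outer OID appended."""
    tbs, alg, _sig = split_certificate(cert)
    return hashlib.sha256(tbs).hexdigest(), hashlib.sha256(tbs + alg).hexdigest()
```

The first digest is the one an RSA verify must be given; the second reproduces the mistake of letting the trailing signatureAlgorithm bytes into the hashed data, which makes a valid signature fail.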
