Hey Richard

here’s what I see

# openssl help
openssl:Error: 'help' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms
crl               crl2pkcs7         dgst              dh
dhparam           dsa               dsaparam          ec
ecparam           enc               engine            errstr
gendh             gendsa            genpkey           genrsa
nseq              ocsp              passwd            pkcs12
pkcs7             pkcs8             pkey              pkeyparam
pkeyutl           prime             rand              req
rsa               rsautl            s_client          s_server
s_time            sess_id           smime             speed
spkac             ts                verify            version

Message Digest commands (see the `dgst' command for more details)
md2               md4               md5               rmd160
sha               sha1

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb
aes-256-cbc       aes-256-ecb       base64            bf
bf-cbc            bf-cfb            bf-ecb            bf-ofb
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb
des               des-cbc           des-cfb           des-ecb
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb
des-ofb           des3              desx              idea
idea-cbc          idea-cfb          idea-ecb          idea-ofb
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc
rc2-cfb           rc2-ecb           rc2-ofb           rc4
rc4-40            rc5               rc5-cbc           rc5-cfb
rc5-ecb           rc5-ofb           seed              seed-cbc
seed-cfb          seed-ecb          seed-ofb          zlib

so I do see md5 in the list of digests

what else should I be looking at ? 
is there a way to get some sort of error code or something that would at least 
hint at a direction..

thanks — Thierry

> On 13 Jan 2017, at 16:37, Richard Levitte <levi...@openssl.org> wrote:
> In message <41a36a7f-ff5d-4190-9178-e9ff11aff...@inria.fr> on Fri, 13 Jan 
> 2017 11:28:40 +0100, Thierry Parmentelat <thierry.parmente...@inria.fr> said:
> thierry.parmentelat> I am facing a problem that I have narrowed down to this:
> thierry.parmentelat> 
> thierry.parmentelat> I have two certificates, one being signed by the other
> thierry.parmentelat> the attached code is a python code that uses M2Crypto to 
> check for that fact
> thierry.parmentelat> 
> thierry.parmentelat> and it turns out, on some boxes x509_verify() returns 1 
> as expected, while on some others I am getting -1
> thierry.parmentelat> 
> thierry.parmentelat> 
> thierry.parmentelat> ---
> thierry.parmentelat> I apologize that I am not able to write a pure C code 
> that would reproduce the issue (I’m afraid that me trying to achieve that 
> would just lead to more artificial problems than be actually helpful in any 
> way :)
> thierry.parmentelat> 
> thierry.parmentelat> the m2crypto guys tell me they are essentially just 
> passing stuff along to openssl’s function
> thierry.parmentelat> X509_verify
> thierry.parmentelat> as described here
> thierry.parmentelat> 
> https://www.openssl.org/docs/man1.1.0/crypto/X509_verify.html
> Considering both certs in the attached script use the signature
> algorithm md5WithRSAEncryption, you could get that kind of error with
> an OpenSSL installation where MD5 has been disabled.  'openssl help'
> will show you what's enabled, or 'openssl list -disabled' (with
> OpenSSL 1.1.0) to see what's disabled.
> There are other things that can give you a -1 as well...
> Cheers,
> Richard
> -- 
> Richard Levitte         levi...@openssl.org
> OpenSSL Project         http://www.openssl.org/~levitte/

openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to