From: owner-openssl-us...@openssl.org On Behalf Of tho...@koeller.dyndns.org
Sent: Thursday, October 30, 2014 14:50
I have... root_ca.pem ... self-signed ... issued host_ca.pem ...
I would expect the two to form a valid chain. And indeed,
verification succeeds:
... openssl verify -CAfile
On 10/31/2014 03:24 PM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of tho...@koeller.dyndns.org
Sent: Thursday, October 30, 2014 14:50
I have... root_ca.pem ... self-signed ... issued host_ca.pem ...
I would expect the two to form a valid chain. And indeed,
Hi,
trying to build a valid certificate chain, I came across the following
problem:
I have two certificates. The first one, contained in file root_ca.pem,
is a self-signed root CA, intended to sign intermediate CAs with. The
second one, contained in host_ca.pem, is such an intermediate CA,
://www.nabble.com/OpenSSL-verification-problem-tp20111876p20127933.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
routines:PKCS7_signatureVerify:digest
failure:pk7_doit.c:948:
1893:error:21075069:PKCS7 routines:PKCS7_verify:signature
failure:pk7_smime.c:312:
Sincerely,
Kadir.
--
View this message in context:
http://www.nabble.com/OpenSSL-verification-problem-tp20111876p20111876.html
Sent from the OpenSSL - User mailing list
in context:
http://www.nabble.com/Verification-problem-tf3714215.html#a10389714
On Tue, Aug 09, 2005 at 08:54:44PM +0200, Dr. Stephen Henson wrote:
On Tue, Aug 09, 2005, Peter BENKO,VSE IT
Sluzby,+421-55-610-2045,+421-903-855532 wrote:
I have problem with signature verification:
When I try to verify the SMIME signed message (hello.txt.p7m - see
attachment) with
I have problem with signature verification:
When I try to verify the SMIME signed message (hello.txt.p7m - see
attachment) with the command:
openssl smime -verify -in hello.txt.p7m -inform DER -CAfile ca-bundle.crt -out
/dev/null
I obtain the following error message:
Verification failure
On Tue, Aug 09, 2005, Peter BENKO,VSE IT
Sluzby,+421-55-610-2045,+421-903-855532 wrote:
I have problem with signature verification:
When I try to verify the SMIME signed message (hello.txt.p7m - see
attachment) with the command:
openssl smime -verify -in hello.txt.p7m -inform DER -CAfile
I run into invalid CA certificate (X509_V_ERR_INVALID_CA) error when I
was trying to
verify a third level certificates with OpenSSL 0.9.8. It seems that the
code in check_chain_extensions()
function in crypto/x509/x509_vfy.c file assumes that either certificate
must be directly signed by CA
Aleksey Sanin writes:
I run into invalid CA certificate (X509_V_ERR_INVALID_CA) error when I
was trying to
verify a third level certificates with OpenSSL 0.9.8. It seems that the
code in check_chain_extensions()
function in crypto/x509/x509_vfy.c file assumes that either certificate
must be
Thanks for quick response and explanations! You are right, the
second certificate in the chain did not have CA ext flag set and
0.9.8 did not like it while 0.9.6/0.9.7 ignore this problem.
Very strange that I missed this till now :(
Thanks again,
Aleksey
Aleksey Sanin writes:
Thanks for quick response and explanations! You are right, the
second certificate in the chain did not have CA ext flag set and
0.9.8 did not like it while 0.9.6/0.9.7 ignore this problem.
Yup, it's true, OpenSSL has become tougher on non-compliant CA certificates.
On Fri, Jul 08, 2005 at 10:52:47AM +0200, Richard Levitte wrote:
Aleksey Sanin writes:
Thanks for quick response and explanations! You are right, the
second certificate in the chain did not have CA ext flag set and
0.9.8 did not like it while 0.9.6/0.9.7 ignore this problem.
Yup, it's
Victor Duchovni writes:
Should we call not allowing CA certs with CA:FALSE or a Key Usage that
does not include certificate signing less buggy, rather than tougher?
Sure :-).
Cheers,
Richard
-
Please consider sponsoring my work on free software.
See
Howard Chan wrote:
What about using the openssl commands? ie. x509, rsautl, dgst, etc. Can I
do all that I specified below strictly using those openssl commands? If so,
how?
'openssl rsautl -pubin -verify ...' didn't work?
Regards,
Nils
NOT the whole binary
file!!
Does anyone have any hints for me?
Regards,
- HC
- Original Message -
From: Nils Larsch [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, April 02, 2003 6:13 PM
Subject: Re: Signature Verification problem
Howard Chan wrote:
What about using
On Wed, Apr 02, 2003, Howard Chan wrote:
Actually, I found that if I use : openssl dgst -sha1 -verify
pubkey -signature signature_file -binary original_file
works.
Provided that I signed with : openssl dgst -sha1 -sign privkey original
file . This is what I did with a testfile which i
Dear all,
I'm experimenting with openssl and I have the
following problem at hand:
I have this file which used sha1 hash algorithm to
obtain its message digest, and subsequently the digest was encrypted
(signed) using RSA algorithm with a private key from a X.509
certificate.
Now, I have
Howard Chan [EMAIL PROTECTED] writes:
I have this file which used sha1 hash algorithm to obtain its message
digest, and subsequently the digest was encrypted (signed) using RSA
algorithm with a private key from a X.509 certificate.
i don't think you can get a private key from an X509
-
From: Aleix Conchillo Flaque [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 01, 2003 8:35 PM
Subject: Re: Signature Verification problem
Howard Chan [EMAIL PROTECTED] writes:
I have this file which used sha1 hash algorithm to obtain its message
digest, and subsequently
Hi,
I use the smime utility to sign a message and output it in PEM format:
openssl smime -sign -in req.csr -outform PEM -out mail.pem -signer \
mycert.pem -inkey mykey.pem
When trying to verify it, I get a failure:
openssl smime -verify -inform PEM -in mail.pem -CAfile CAstore
Verification
On Thu, Jan 30, 2003, Gerd Schering wrote:
Hi,
I use the smime utility to sign a message and output it in PEM format:
openssl smime -sign -in req.csr -outform PEM -out mail.pem -signer \
mycert.pem -inkey mykey.pem
When trying to verify it, I get a failure:
openssl smime -verify
On Thu, Aug 29, 2002, Lutz Jaenicke wrote:
On Thu, Aug 29, 2002 at 09:10:47AM -0400, Shaheed Bacchus wrote:
you are correct, issuer is not self signed (in fact it's
the cert that's provided by default with openssl in the
apps/demoCA dir). so how do i tell the verification
routine
On Wed, Aug 28, 2002 at 11:25:51AM -0400, Shaheed Bacchus wrote:
Shaheed Bacchus wrote:
hi all,
i am having some problems getting certificate verification to
work. i have two certs
X509 *client;
Subject: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=MyTest
Issuer:
On Thu, Aug 29, 2002 at 09:10:47AM -0400, Shaheed Bacchus wrote:
you are correct, issuer is not self signed (in fact it's
the cert that's provided by default with openssl in the
apps/demoCA dir). so how do i tell the verification
routine to not walk further down the tree? ideally i'd
that's the general direction i was slowly moving towards.
i guess one question that i have is since i have to use my
code to do the verification process anyhow, is there any
advantage to even using the X509_verify_cert() call?
thanks once again.
Lutz Jaenicke wrote:
OpenSSL does not support
On Thu, Aug 29, 2002 at 10:21:39AM -0400, Shaheed Bacchus wrote:
that's the general direction i was slowly moving towards.
i guess one question that i have is since i have to use my
code to do the verification process anyhow, is there any
advantage to even using the X509_verify_cert() call?
It would take some extensions to the certificate verification code
to change the behaviour. I don't know how large the interest is
in such an extension.
waves hand
Pick me!
--
Harald Koch [EMAIL PROTECTED]
It takes a child to raze a village.
-Michael T. Fry
Hi, all.
It seems my last e-mail is somehow lost, so I'm resending it.
Please give me some advice. :)
Since my program is not for web site but general client/server communication
program, I'd like to add a client certificate verification from the server
side.
I couldn't find any reference on
30 matches