On 2021-06-17 15:49, Viktor Dukhovni wrote:
On Sat, Jun 12, 2021 at 10:20:22PM +0200, Gaardiolor wrote:
When I compare those, they are exactly the same. But that's the thing, I
think server.sig.decrypted should be prepended with a sha256 designator
30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01
On Sat, Jun 12, 2021 at 10:20:22PM +0200, Gaardiolor wrote:
> When I compare those, they are exactly the same. But that's the thing, I
> think server.sig.decrypted should be prepended with a sha256 designator
> 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20, which is
> missing. I do
Hi,
On 12/06/21 22:20, Gaardiolor wrote:
Hello,
My openssl-1.0.2k-21.0.1.el7_9.x86_64 verify fails with HSM-signed
certificates. The HSM is causing other issues and is likely
misbehaving, I think this is a HSM bug. I'm sure I'm using the correct
server.crt and rootca.crt.
$ openssl verify
Hello,
My openssl-1.0.2k-21.0.1.el7_9.x86_64 verify fails with HSM-signed
certificates. The HSM is causing other issues and is likely misbehaving,
I think this is a HSM bug. I'm sure I'm using the correct server.crt and
rootca.crt.
$ openssl verify -CAfile rootca.crt server.crt
server.crt:
