OpenSSL version:0.9.5a
OS Version: IRIX 6.5
Compiler: Base Compiler Development Environment, 7.3
Configure command: ./Configure irix64-mips4-cc
Ignoring the lack of random data; take note, in particular, the exponent:
% ./apps/openssl genrsa -out k 1024
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
...++
..++
e is 281479271743489 (0x1000100010001)
%
This particular exponent is not among the set of expected exponents from
the man-page, and also cannot be read by MSIE5 (if a Cert based on this key
is put on a Win-XX box as a .cer file, the Certificate Manager reports a
0-length RSA key!). My main problem, right now, is that I noticed this
_after_ getting a Cert from Thawte, and the resultant failure of IE5
clients on Win-XX not being able to connect at all. Now they're wanting
US$50 to re-cert with a "good" key which is quite annoying me, but I cannot
do anything till I get in and call them and/or our purchasing people
provide CC #s.
Has anyone noticed similar behaviour, or was I stupid for trying the irix64
compile option rather than staying with 32?
Here's most of the 'make test', skipping to the RSA bits:
Script started on Tue May 30 22:17:45 2000
[m[m[m[Jmorpheus# [Kmmake test
testing...
./destest
Doing cbcm
Doing ecb
Doing ede ecb
Doing cbc
Doing desx cbc
Doing ede cbc
[ ... ]
rsa
testing rsa conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
./rsa_test
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
testing crl conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing session-id conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
Generate and verify a certificate request
generating certificate request
rsa
There should be a 2 sequences of .'s and some +'s.
There should not be more that at most 80 per line
This could take some time.
Using configuration from test.cnf
Generating a 512 bit RSA private key
.
.
writing new private key to 'testkey.pem'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Queensland]:
Locality Name (eg, city) []:Brisbane
Organization Name (eg, company) []:CryptSoft Pty Ltd
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:Eric Young
Email Address []:[EMAIL PROTECTED]
Using configuration from test.cnf
verify OK
testing req conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing req conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing pkcs7 conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing pkcs7 conversions (2)
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
The following command should have some OK's and some failures
There are definitly a few expired certificates
../apps/openssl verify -CApath ../certs ../certs/*.pem
../certs/ICE-CA.pem: /O=European ICE-TEL project/OU=V3-Certification Authority
error 10 at 1 depth lookup:Certificate has expired
/O=European ICE-TEL project/OU=V3-Certification Authority/L=Darmstadt
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/ICE-root.pem: /O=European ICE-TEL project/OU=V3-Certification Authority
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/ICE-user.pem: /O=European ICE-TEL project/OU=V3-Certification Authority
error 10 at 2 depth lookup:Certificate has expired
/O=European ICE-TEL project/OU=V3-Certification Authority/L=Darmstadt
error 10 at 1 depth lookup:Certificate has expired
/O=European ICE-TEL project/OU=V3-Certification Authority/L=Darmstadt/CN=USER
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/ca-cert.pem: OK
../certs/dsa-ca.pem: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=PCA
error 10 at 1 depth lookup:Certificate has expired
/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/dsa-pca.pem: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=PCA
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/factory.pem: /C=GB/O=UCL/OU=ICE-TEL Project/CN=TrustFactory
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/nortelCA.pem: OK
../certs/pca-cert.pem: OK
../certs/rsa-cca.pem: /C=US/O=RSA Data Security, Inc./OU=Commercial Certification
Authority
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/rsa-ssca.pem: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
Authority
error 18 at 0 depth lookup:self signed certific