On Fri, Jan 14, 2005, Massimiliano Pala wrote:

> 
> Hello guys,
> 
> I have a problem with X509 certificate and CRL checking. 
> When using the
> X509_CRL_verify(crl, pkey) function (I get an error also 
> by using the
> 'openssl crl -CAfile... ' command), I get the following 
> Error:
> 
> 7322:error:0407006A:rsa 
> routines:RSA_padding_check_PKCS1_type_1:block type is not 
> 01:rsa_pk1.c:100:
> 7322:error:04067072:rsa 
> routines:RSA_EAY_PUBLIC_DECRYPT:padding check 
> failed:rsa_eay.c:580:
> 7322:error:0D089006:asn1 encoding routines:ASN1_verify:EVP 
> lib:a_verify.c:162:
> 
> Anyway, separately both the certificate and the CRL seems 
> to look good.
> If you have ideas I can send you the certificate and the 
> CRL, I am not
> sending them to the list as them are quite big (~1.6Mb).
> 

Check to see if the CRL has an authority key id and if so if it matches the
subject key id of the CA you are using. If not then the problem is that the
wong CA and hence wrong public key is being used to verify the CRL signature.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to