On Fri Feb 15 10:24:22 2013, woll...@igel.com wrote: > > we are using OpenSSL 0.9.8k. It's not the command line utility. > We are linking against libcrypto and libssl. We load the CA > certificates with SSL_CTX_set_default_verify_paths (c_rehash has > been executed before), disable the automatic verification by > setting SSL_CTX_set_verify to SSL_VERIFY_NONE, to the handshake > with BIO_do_handshake, get the server certificate with > SSL_get_peer_certificate and then verify the certificate by using > SSL_get_verfify_result. The result value of this function is set to > X509_V_ERR_CERT_SIGNATURE_FAILURE. The problem seems to be the > signature algorithm which is used: sha512WithRSAEncryption. >
Are you including a call to OpenSSL_add_all_algorithms() in your application? SSL_library_init() only adds a subset of supported signature algorithms and doesn't include SHA512. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org