Oh thanks. This is a negative test. I will move on. Is there a good way to test the openssl library and not just the command line?
Anthony. -----Original Message----- From: openssl-dev [mailto:[email protected]] On Behalf Of Richard Levitte Sent: Wednesday, April 13, 2016 10:33 PM To: [email protected] Subject: Re: [openssl-dev] make TESTS="test_ocsp" test In message <he1pr08mb0427b6808f52900cd7a6138cd6...@he1pr08mb0427.eurprd08.prod.outlook.com> on Thu, 14 Apr 2016 04:55:02 +0000, CHOW Anthony <[email protected]> said: anthony.chow> Can this test be tested standalone? I must have missed something: anthony.chow> anthony.chow> === INVALID SIGNATURE on the OCSP RESPONSE === anthony.chow> NON-DELEGATED; Intermediate CA -> EE anthony.chow> Response Verify Failure anthony.chow> 47813825843168:error:0407006A:rsa anthony.chow> routines:RSA_padding_check_PKCS1_type_1:block type is not anthony.chow> 01:rsa_pk1.c:103: anthony.chow> 47813825843168:error:04067072:rsa anthony.chow> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705: anthony.chow> 47813825843168:error:0D0C5006:asn1 encoding anthony.chow> routines:ASN1_item_verify:EVP lib:a_verify.c:218: anthony.chow> 47813825843168:error:27069075:OCSP anthony.chow> routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105: anthony.chow> NON-DELEGATED; Root CA -> Intermediate CA anthony.chow> Response Verify Failure anthony.chow> 47579061129184:error:0407006A:rsa anthony.chow> routines:RSA_padding_check_PKCS1_type_1:block type is not anthony.chow> 01:rsa_pk1.c:103: anthony.chow> 47579061129184:error:04067072:rsa anthony.chow> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705: anthony.chow> 47579061129184:error:0D0C5006:asn1 encoding anthony.chow> routines:ASN1_item_verify:EVP lib:a_verify.c:218: anthony.chow> 47579061129184:error:27069075:OCSP anthony.chow> routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105: anthony.chow> NON-DELEGATED; Root CA -> EE anthony.chow> anthony.chow> Any pointer on what I can do? This is a part of the OCSP test suite, and sorry, there currently is no way to pick and choose between the different tests of the suite (I wouldn't expect that to change in the future). As to that particular set of tests, it checks that diverse responses with invalid signature does lead to an error report, so that output looks quite correct (unless I'm missing something) Cheers, Richard -- Richard Levitte [email protected] OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
