On Wed, May 29, 2002 at 04:16:48PM -0700, Bob Steele wrote:
> ------------------------------------------------------------------------
> -------
>
> depth=2 /C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification
> Authority
> verify return:1
>
> depth=1 /O=VeriSign, Inc./OU=VeriSign Trust
> Network/OU=www.verisign.com/reposito
> ry/RPA Incorp. By Ref.,LIAB.LTD(c)98/CN=VeriSign Class 1 CA Individual
> Subscribe
> r-Persona Not Validated
> verify return:1
>
> depth=0 /O=VeriSign, Inc./OU=VeriSign Trust
> Network/OU=www.verisign.com/reposito
> ry/RPA Incorp. by Ref.,LIAB.LTD(c)98/OU=Persona Not Validated/OU=Digital
> ID Clas
> s 1 - Microsoft Full Service/CN=Robert [EMAIL PROTECTED]
> verify return:1
Ok, it seems that the certificate chain has been successfully verified,
so these problems should now be sorted out.
> { My debug messages here :}
> Current signature is bad.
> Signature is *NOT* valid.
>
> 2432:error:04077068:rsa routines:RSA_verify:bad
> signature:.\crypto\rsa\rsa_sign.
> c:210:
> 2432:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature
> failure:.\cry
> pto\pkcs7\pk7_doit.c:806:
>
> ------------------------------------------------------------------------
> -------
>
> I want to be very sure I understand what I'm seeing, so I apologize if
> this is
> an elementary question: There's a valid chain to the root certificate
> for my
> signing certificate, but the actual signature is bad. Is this correct?
Yes, that is also my understanding of the error messages. It is also
consistent. First a bad RSA signature is found, then the calling function
flags the overal PKCS7 signature verification as failed.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
