On Wed, May 29, 2002 at 04:16:48PM -0700, Bob Steele wrote: > ------------------------------------------------------------------------ > ------- > > depth=2 /C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification > Authority > verify return:1 > > depth=1 /O=VeriSign, Inc./OU=VeriSign Trust > Network/OU=www.verisign.com/reposito > ry/RPA Incorp. By Ref.,LIAB.LTD(c)98/CN=VeriSign Class 1 CA Individual > Subscribe > r-Persona Not Validated > verify return:1 > > depth=0 /O=VeriSign, Inc./OU=VeriSign Trust > Network/OU=www.verisign.com/reposito > ry/RPA Incorp. by Ref.,LIAB.LTD(c)98/OU=Persona Not Validated/OU=Digital > ID Clas > s 1 - Microsoft Full Service/CN=Robert [EMAIL PROTECTED] > verify return:1
Ok, it seems that the certificate chain has been successfully verified, so these problems should now be sorted out. > { My debug messages here :} > Current signature is bad. > Signature is *NOT* valid. > > 2432:error:04077068:rsa routines:RSA_verify:bad > signature:.\crypto\rsa\rsa_sign. > c:210: > 2432:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature > failure:.\cry > pto\pkcs7\pk7_doit.c:806: > > ------------------------------------------------------------------------ > ------- > > I want to be very sure I understand what I'm seeing, so I apologize if > this is > an elementary question: There's a valid chain to the root certificate > for my > signing certificate, but the actual signature is bad. Is this correct? Yes, that is also my understanding of the error messages. It is also consistent. First a bad RSA signature is found, then the calling function flags the overal PKCS7 signature verification as failed. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]