Hi Dr Steve,
Since it's an embedded platform it does not have debug or a serial interface. But I did debug further and found that OBJ_obj2nid is returning 7 (RSA-md2) in case of www.google.com and it returns 8 (RSA-md5) in case of thawte.com. Basically it's failing in EVP_get_digestbyname() UNKNOWN_MESSAGE_DIGEST_ALGORITH. I have disabled the MD2 switch. But looking at the certificates below, both the server certificates use RSA-MD5. I don't understand why it's returning RSA-md2.

Google.com
-----------
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 658869 (0xa0db5)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/[EMAIL PROTECTED]
        Validity
            Not Before: Mar 23 13:50:41 2003 GMT
            Not After : Mar 31 18:52:39 2004 GMT
        Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:ce:88:dc:7e:9a:fa:8b:5d:24:7d:f1:4a:ea:fb:
                    a8:4a:33:9d:9c:ef:22:c9:4d:2f:ac:a0:d3:86:05:
                    4f:d1:bb:cb:26:a6:f4:93:b4:43:aa:a9:28:b7:71:
                    cf:a4:47:f1:c3:20:41:2d:d4:8a:1c:20:bd:6f:8a:
                    f0:9d:a4:ea:70:65:5d:10:e3:ea:7d:d2:b9:87:f4:
                    1e:71:60:23:75:60:49:0d:4c:c0:0e:d9:91:d2:3f:
                    49:74:3f:6c:bf:a1:56:46:1f:99:e6:16:33:02:4e:
                    06:b6:54:81:58:de:7e:2e:69:1b:f4:76:85:40:46:
                    b3:fe:19:33:26:8c:fb:89:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, Netscape Server Gated Crypto
            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: md5WithRSAEncryption
        92:7d:7f:ce:8f:f9:37:16:d1:53:ec:74:15:2e:94:a8:8e:81:
        93:a4:7a:4f:58:73:d2:4c:09:c2:bb:eb:8e:84:66:7e:42:60:
        9e:56:a4:89:18:db:1a:bd:f9:9d:a4:6e:53:fb:93:c2:ca:36:
        a7:f4:3f:95:ad:af:65:36:8b:86:8a:3c:1c:19:aa:fb:63:35:
        cb:f4:8e:f4:d2:c1:e4:89:6b:21:06:9a:30:8a:5f:c8:0d:8c:
        0b:27:82:09:7c:66:91:7e:9a:60:ca:bf:47:2b:d2:1d:51:4e:
        94:ec:42:d1:a6:df:b6:27:70:4a:f4:87:4c:0d:13:aa:d7:5e:
        e4:da

www.thawte.com
-------------------
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 639573 (0x9c255)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/[EMAIL PROTECTED] awte.com
        Validity
            Not Before: Dec 20 15:18:40 2002 GMT
            Not After : Dec 20 15:18:40 2003 GMT
        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting (Pty) Ltd, OU=Customer Service, CN=www.thawte.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:a4:f0:14:f3:ce:0a:4b:fb:0f:d3:e7:e6:86:8b:
                    68:25:23:37:8d:cb:a7:34:76:da:df:5d:a5:f2:92:
                    f1:9c:1a:9a:02:47:e6:53:1f:1c:c2:91:8b:47:1e:
                    58:67:31:b2:17:0d:ab:d9:82:79:26:16:e7:c0:51:
                    93:3d:be:27:b3:dd:07:24:ff:cd:f6:cf:92:0c:fc:
                    77:9e:23:72:0c:56:fd:40:a5:d8:46:55:b8:3d:72:
                    82:05:73:3f:d7:c3:ac:c9:c6:68:7a:02:bc:b8:63:
                    71:cb:af:88:82:67:a5:81:fe:6e:01:f4:1c:87:23:
                    96:13:77:4d:2b:1e:f3:aa:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: md5WithRSAEncryption
        8d:ac:7c:54:45:35:82:b3:b0:89:2f:8e:93:0a:04:1c:fb:3c:
        21:56:97:9b:c9:c8:58:9e:c3:e8:c7:60:06:ba:9e:17:1e:34:
        38:f7:2d:16:22:87:2f:77:3d:53:af:eb:11:29:db:1c:32:24:
        cf:ff:65:6a:15:3c:4b:31:5e:08:4b:f9:7b:2d:0f:2a:93:1f:
        32:a6:0e:b4:37:78:e5:8c:34:48:ce:7d:26:91:c0:81:6a:4b:
        84:40:d1:af:3b:55:ae:9d:6a:f0:10:56:38:86:f0:d9:af:8c:
        e6:20:77:37:1f:65:a9:1d:b1:6a:37:44:0f:66:d6:9c:20:42:
        07:f9

--- "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:
> On Fri, Jun 06, 2003, rajagopalan ramanujam wrote:
>
> > hi,
> >
> > I have defined SSL_library_init rather than
> > openSSL_add_all_algorithms to save memory.
> >
> > I have turned on DES,RC4 in ciphers and MD5,SHA in
> > message digest.
> >
> > Could you let me know what could be the problem.
> >
> > I can connect to www.thawte.com and X509_verify
> > is successful. And also I have generated self-signed
> > certificate which are working too.
> >
> > For Ex: www.google.com:443 I cannot connect,
> > I get error (7).
> >
>
> See what ERR_print_errors_fp(stderr) gives after a failed verify to see if you
> can get any more information.
>
> Steve.
> --
> Dr Stephen N. Henson.
> Core developer of the OpenSSL project: http://www.openssl.org/
> Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
> Email: [EMAIL PROTECTED], PGP key: via homepage.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
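
Added example, not code from the poster or from the OpenSSL project: a dependency-free C illustration of the lookup discussed in the message above. It reads the outer signatureAlgorithm OID of each DER certificate in a chain, maps it to the NID values quoted in the message (7 = RSA-MD2, 8 = RSA-MD5), and reports the first certificate whose digest is not registered. The enabled-digest table, the chain contents and the names cert_sigalg and first_unverifiable are assumptions; the sample bytes are constructed skeletons, not the certificates quoted above.

```c
#include <stddef.h>
#include <string.h>
typedef unsigned char u8;

/* NID / short name for PKCS#1 OIDs 1.2.840.113549.1.1.<arc>; `enabled` is an
 * assumption modelling a build with MD5 and SHA-1 registered and MD2 left out. */
struct sigalg { u8 arc; int nid; const char *sn; int enabled; };
static const struct sigalg ALGS[] = {
    { 2, 7, "RSA-MD2", 0 }, { 4, 8, "RSA-MD5", 1 }, { 5, 65, "RSA-SHA1", 1 } };
static const u8 PKCS1[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01 };

/* Constructed sample, not real certificates: SEQUENCE { empty tbsCertificate,
 * AlgorithmIdentifier { OID, NULL }, empty BIT STRING }; only the OID varies. */
#define SKEL(arc) { 0x30,0x14, 0x30,0x00, 0x30,0x0d, 0x06,0x09, 0x2a,0x86,0x48, \
    0x86,0xf7,0x0d,0x01,0x01,(arc), 0x05,0x00, 0x03,0x01,0x00 }
static const u8 SAMPLE_CHAIN[2][22] = { SKEL(4), SKEL(2) };  /* leaf, issuer */

/* Parse one DER header with the expected tag; return content pointer or NULL. */
static const u8 *hdr(const u8 *p, const u8 *end, u8 tag, size_t *len) {
    if (!p || end - p < 2 || p[0] != tag) return NULL;
    size_t n = p[1];
    p += 2;
    if (n & 0x80) {                      /* long form: 1 or 2 length bytes */
        size_t cnt = n & 0x7f;
        if (cnt < 1 || cnt > 2 || (size_t)(end - p) < cnt) return NULL;
        for (n = 0; cnt; cnt--) n = (n << 8) | *p++;
    }
    if ((size_t)(end - p) < n) return NULL;
    *len = n;
    return p;
}

/* Outer signatureAlgorithm of a DER certificate, or NULL if unrecognised. */
const struct sigalg *cert_sigalg(const u8 *der, size_t derlen) {
    size_t len = 0;
    const u8 *p = hdr(der, der + derlen, 0x30, &len);      /* Certificate */
    const u8 *end = p ? p + len : NULL;
    p = hdr(p, end, 0x30, &len);                            /* tbsCertificate */
    p = hdr(p ? p + len : NULL, end, 0x30, &len);           /* AlgorithmIdentifier */
    p = hdr(p, p ? p + len : NULL, 0x06, &len);             /* algorithm OID */
    if (!p || len != sizeof PKCS1 + 1 || memcmp(p, PKCS1, sizeof PKCS1)) return NULL;
    for (size_t i = 0; i < sizeof ALGS / sizeof ALGS[0]; i++)
        if (ALGS[i].arc == p[len - 1]) return &ALGS[i];
    return NULL;
}

/* Index of the first certificate whose digest this build cannot look up, or -1. */
int first_unverifiable(const u8 chain[][22], int n) {
    for (int i = 0; i < n; i++) {
        const struct sigalg *a = cert_sigalg(chain[i], 22);
        if (!a || !a->enabled) return i;
    }
    return -1;
}
```

In the constructed chain the leaf maps to NID 8 and passes, while the second entry maps to NID 7 and is the one flagged, so the check has to run over every certificate in the chain and not only the server certificate.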