hi,

i'm trying to use OpenSSL s_client with OpenSC PKCS#15 engine. the engine works for operations such as key generation and PKCS#1 signatures. i've modified the s_client code to be able to use a private key on the smartcard via the OpenSC engine. i'm running into some problems with computing signatures for the SSL client verify. i think the problem is that ssl client verification is a signature computed over concatenated MD5 and SHA1 hashes of ssl handshake messages. on the other hand PKCS#1 signature generation expects a DigestInfo structure, which also contains the algorithm identifier for the hash. since there is no algorithm identifier for MD5-SHA1 concatenation, the opensc engine doesn't know what to do with the incoming data. can anybody confirm this? does anybody have some suggestions how to properly address this issue?

here are the error messages generated during the connection attempt. i'm using opensc-20030701 snapshot and openssl-0.9.7b.
========================================================
SSL_connect:SSLv3 write client key exchange A


pkcs15-sec.c:385:sc_pkcs15_compute_signature: Unable to add padding: Wrong length
sc_pkcs15_compute_signature() failed: Wrong lengthSSL_connect:error in SSLv3 write certificate verify A
SSL_connect:error in SSLv3 write certificate verify A
19028:error:14099004:SSL routines:SSL3_SEND_CLIENT_VERIFY:RSA lib:s3_clnt.c:1741:
=========================================================


thanks,
david

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
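
An added example, not part of the original post and not OpenSC or OpenSSL code: in SSLv3 and TLS 1.0/1.1 the RSA CertificateVerify signature is computed over the bare 36-byte MD5 || SHA-1 value with PKCS#1 v1.5 signature padding and no DigestInfo, so a signer that accepts it has to recognise that input by its length. All function and enum names below are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* DER DigestInfo headers from PKCS#1; the raw hash follows each header. */
static const unsigned char MD5_PREFIX[] = { 0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,
    0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x04,0x10 };
static const unsigned char SHA1_PREFIX[] = { 0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,
    0x02,0x1a,0x05,0x00,0x04,0x14 };

enum sig_input { IN_UNKNOWN, IN_MD5_DIGESTINFO, IN_SHA1_DIGESTINFO, IN_TLS_MD5_SHA1 };

/* Classify the bytes handed to a PKCS#1 v1.5 signer (hypothetical helper). */
enum sig_input classify_input(const unsigned char *in, size_t len)
{
    if (len == sizeof MD5_PREFIX + 16 && !memcmp(in, MD5_PREFIX, sizeof MD5_PREFIX))
        return IN_MD5_DIGESTINFO;
    if (len == sizeof SHA1_PREFIX + 20 && !memcmp(in, SHA1_PREFIX, sizeof SHA1_PREFIX))
        return IN_SHA1_DIGESTINFO;
    if (len == 36)              /* MD5 (16) || SHA-1 (20), no ASN.1 wrapper */
        return IN_TLS_MD5_SHA1;
    return IN_UNKNOWN;          /* e.g. a bare 20-byte hash: ambiguous, refuse */
}

/* PKCS#1 v1.5 block type 1: 00 01 FF..FF 00 || payload, filling modlen bytes.
 * Returns 0 on success, -1 if the payload leaves no room for 8 padding bytes. */
int pkcs1_type1_pad(const unsigned char *payload, size_t plen,
                    unsigned char *out, size_t modlen)
{
    if (modlen < 11 || plen > modlen - 11)
        return -1;
    size_t ps = modlen - plen - 3;      /* number of 0xFF bytes */
    out[0] = 0x00;
    out[1] = 0x01;
    memset(out + 2, 0xff, ps);
    out[2 + ps] = 0x00;
    memcpy(out + 3 + ps, payload, plen);
    return 0;
}

/* Build the block for the raw RSA private-key operation. A DigestInfo and the
 * 36-byte TLS value are padded unchanged; any other input is rejected. */
int encode_for_raw_rsa(const unsigned char *in, size_t len,
                       unsigned char *out, size_t modlen)
{
    if (classify_input(in, len) == IN_UNKNOWN)
        return -1;
    return pkcs1_type1_pad(in, len, out, modlen);
}
```
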
