Re: Verify x509 certificate

.:: Francesco la Torre ::. Sat, 02 Aug 2008 02:43:48 -0700

On sab, 2008-08-02 at 02:04 -0700, Kyle Hamilton wrote:
> The verify(1ssl) man page has descriptions of these error codes.  7 is
> "X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure",
> which is described as: the signature of the certificate is invalid.
> 
> I would presume that this is because the signature cannot be verified
> with the public key that it's said to be verifiable with -- i.e., the
> data in one of the certificates has been modified since it was signed
> (and thus, the signature has been invalidated).
>


You're true, but I used the "stange" abjective because if I try to
verify the certificate from command line 

openssl verify -CAfile /home/frank/test/test-CA/calist.pem cert.pem

The output is :
 
cert.pem: OK

so both certificates are valid.

Regards,
Flt

> -Kyle H
> 
> On Fri, Aug 1, 2008 at 5:15 PM, .:: Francesco la Torre ::.
> <[EMAIL PROTECTED]> wrote:
> > On sab, 2008-08-02 at 00:21 +0200, .:: Francesco la Torre ::. wrote:
> >
> > One mistake is here even if there were not compilation error
> >
> >> and also add this line to the main
> >> X509_STORE_set_verify_cb_func(&ca_ctx,cb);
> >>
> >
> > the correct code block is :
> >
> > ...
> >     /* load CA cert store */
> >     if (!(CAcerts = X509_STORE_new())) {
> >         printf ("\nError1\n");
> >     }
> > ---> X509_STORE_set_verify_cb_func(CAcerts,cb);
> > ...
> >
> >
> >
> >> but the result is always the same :
> >>
> >
> > Not always the boring "Verification error: certificate signature
> > failure"
> >
> > But a new strange error :
> >
> >
> > /C=IT/ST=Italy/O=IIT-CNR/OU=lab18/CN=ubuntu-ser/[EMAIL PROTECTED]
> > error 7 at 1 depth lookup:certificate signature failure
> > Verification error: 0
> >
> >
> > I've tried to find any kind of reference for this kind of error but
> > google returns not a very good help.
> >
> > In various forum/mailing list this is _classified_ as *quite strange*
> > error ... is it possible ?
> >
> > Thanks in advance,
> > Flt
> >
> >
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    openssl-users@openssl.org
> > Automated List Manager                           [EMAIL PROTECTED]
> >
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Re: Verify x509 certificate

Reply via email to