Yes! I forgot about OpenSSL initialization.
Thank you, Dr. Stephen Henson.
--------------------------------------------------------------------------------------------
From: Dr. Stephen Henson
Sent: Wednesday, June 06, 2012 5:12 PM
To: openssl-users@openssl.org
Subject: Re: OCSP_basic_verify FAILED(returns -1) (all details in email)
On Wed, Jun 06, 2012, Vladimir Belov wrote:
Hello.
OCSP_basic_verify failed(returns -1) although "openssl ocsp -respin
..." show "Response verify OK" with the same OCSP response and root
CAs.
I attached to this email the ZIP and TAR archives with OCSP
response, the checked certificate, it's issuer
certificate(VeriSignClass3ExtendedValidationSSLSGCCA.pem) and root
certs of CAs.
The checked certificate is certificate of the web-site www.verisign.com. I use
OpenSSL 1.0.0e.
OCSP_basic_verify failed(return -1) with next errors:
4064:error:0D0C50A1:lib(13):func(197):reason(161):.\crypto\asn1\a_verify.c:150:
4064:error:27069075:lib(39):func(105):reason(117):.\crypto\ocsp\ocsp_vfy.c:98:
I debuged this situation and found that this happens because
EVP_get_digestbyname for argument "name"="SHA1" returns "NULL"!
Perhaps:
http://www.openssl.org/support/faq.html#PROG8
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org