Problem with verification of a certificate

Mon, 05 Mar 2001 02:57:59 -0800 

Hi,

I have a problem with verification of a certificate. I have temporary
certificate signed from other certificate which is signed from my CA.
I need to verify this temporary certificate.

If I use openssl ver: OpenSSL 0.9.3a 29 May 1999, everything is ok.
example:

./openssl verify -verbose -CApath ~holub/.globus /tmp/x509up_u11931
/tmp/x509up_u11931: OK

But if I use the new version: OpenSSL 0.9.6 24 Sep 2000, the same command
gives me an error:

./openssl verify -verbose -CApath ~holub/.globus /tmp/x509up_u11931
/tmp/x509up_u11931: /C=CZ/ST=Czech Republic/O=Masaryk
University/OU=Institute of Computer Science/CN=Petr
[EMAIL PROTECTED]/CN=proxy
error 20 at 0 depth lookup:unable to get local issuer certificate

I think, that the problem is in subject and issuer in my certificate.
If I have run openssl with strace, I saw that the new version was 
looking for wrong "hash name" of the certificate.
But why does the older version work, and the new one doesn't? 

I am appending subjects and issuers of my certificates. They are:

in temporary cert:
subject=/C=CZ/ST=Czech Republic/O=Masaryk University/OU=Institute of
Computer Science/CN=Petr [EMAIL PROTECTED]/CN=proxy
issuer= /C=CZ/ST=Czech Republic/O=Masaryk University/OU=Institute of
Computer Science/CN=Petr [EMAIL PROTECTED]

and in certificate with which is temporary signed:
subject=/C=CZ/ST=Czech Republic/O=Masaryk University/OU=Institute of
Computer Science/CN=Petr [EMAIL PROTECTED]
issuer= /C=CZ/ST=Czech Republic/L=Brno/O=Masaryk University/OU=Institute of
Computer Science/CN=Certification [EMAIL PROTECTED]

and my CA:
subject=/C=CZ/ST=Czech Republic/L=Brno/O=Masaryk University/OU=Institute of 
Computer Science/CN=Certification [EMAIL PROTECTED]
issuer= /C=CZ/ST=Czech Republic/L=Brno/O=Masaryk University/OU=Institute of 
Computer Science/CN=Certification [EMAIL PROTECTED]



Thanks for all suggestions,
                                regards
                                        Petr Holub

e-mail: [EMAIL PROTECTED]
Web_page: http://www.fi.muni.cz/~holub
Public_PGP_key: http://thetis.fi.muni.cz/noauth/pgp/show_pgp.cgi?user=holub
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to