Fwd to openssl-users Re: [openssl-dev] Why the issuer cannot be found?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



(top posting like the rest of the thread)

What makes you think it is incorrect to check the Key
Identifier (where present) before checking a signature
against a key?

What other reasonable purpose could the Key Identifier
fields serve?

On 03/04/2015 10:56, Erwann Abalea wrote:
 > (Forwarded to openssl-users)
 >
 > The subjectName of file4.pem matches the issuerName of
 > file3.pem, the signature block in file3.pem, when verified
 > with the public key of file4.pem, gives a correct signature
 > for the tbsCertificate of file3.pem. But Openssl also
 > (incorrectly, IMO) checks that file4.pem.SKI matches
 > file3.pem.AKI, and refuses to go further (here, AKI doesn't
 > match SKI).
 >
 > Le 03/04/2015 03:10, Yuting Chen a ?crit :
 > > I used OpenSSL to verify a certificate file (file3.pem)
 > > against another certificate file (file4.pem). OpenSSL
 > > reports that it cannot find the issuer of the cert in
 > > file3.pem; while when I displays file3.pem and file4.pem,
 > > it appears that the issuer of the cert in file3.pem is the
 > > same as the subject of the cert in file4.pem. Did I miss
 > > anything?

P.S.

Don't put your e-mail sig in the middle of the mail, it causes
standards-compliant mail programs to cut off everything below
it when replying (because everyting below the --<space> marker
is, by definition, just the e-mail sig).

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 S?borg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux