In message <41A36A7F-FF5D-4190-9178-E9FF11AFF712@xxxxxxxx> on Fri, 13 Jan 2017 11:28:40 +0100, Thierry Parmentelat <thierry.parmentelat@xxxxxxxx> said: thierry.parmentelat> I am facing a problem that I have narrowed down to this: thierry.parmentelat> thierry.parmentelat> I have two certificates, one being signed by the other thierry.parmentelat> the attached code is a python code that uses M2Crypto to check for that fact thierry.parmentelat> thierry.parmentelat> and it turns out, on some boxes x509_verify() returns 1 as expected, while on some others I am getting -1 thierry.parmentelat> thierry.parmentelat> thierry.parmentelat> --- thierry.parmentelat> I apologize that I am not able to write a pure C code that would reproduce the issue (I¢m afraid that me trying to achieve that would just lead to more artificial problems than be actually helpful in any way :) thierry.parmentelat> thierry.parmentelat> the m2crypto guys tell me they are essentially just passing stuff along to openssl¢s function thierry.parmentelat> X509_verify thierry.parmentelat> as described here thierry.parmentelat> https://www.openssl.org/docs/man1.1.0/crypto/X509_verify.html Considering both certs in the attached script use the signature algorithm md5WithRSAEncryption, you could get that kind of error with an OpenSSL installation where MD5 has been disabled. 'openssl help' will show you what's enabled, or 'openssl list -disabled' (with OpenSSL 1.1.0) to see what's disabled. There are other things that can give you a -1 as well... Cheers, Richard -- Richard Levitte levitte@xxxxxxxxxxx OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
