Hey Richard here’s what I see # openssl help openssl:Error: 'help' is an invalid command. Standard commands asn1parse ca ciphers cms crl crl2pkcs7 dgst dh dhparam dsa dsaparam ec ecparam enc engine errstr gendh gendsa genpkey genrsa nseq ocsp passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand req rsa rsautl s_client s_server s_time sess_id smime speed spkac ts verify version x509 Message Digest commands (see the `dgst' command for more details) md2 md4 md5 rmd160 sha sha1 Cipher commands (see the `enc' command for more details) aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb base64 bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx idea idea-cbc idea-cfb idea-ecb idea-ofb rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40 rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb seed seed-cbc seed-cfb seed-ecb seed-ofb zlib so I do see md5 in the list of digests what else should I be looking at ? is there a way to get some sort of error code or something that would at least hint at a direction.. thanks — Thierry > On 13 Jan 2017, at 16:37, Richard Levitte <levitte@xxxxxxxxxxx> wrote: > > In message <41A36A7F-FF5D-4190-9178-E9FF11AFF712@xxxxxxxx> on Fri, 13 Jan 2017 11:28:40 +0100, Thierry Parmentelat <thierry.parmentelat@xxxxxxxx> said: > > thierry.parmentelat> I am facing a problem that I have narrowed down to this: > thierry.parmentelat> > thierry.parmentelat> I have two certificates, one being signed by the other > thierry.parmentelat> the attached code is a python code that uses M2Crypto to check for that fact > thierry.parmentelat> > thierry.parmentelat> and it turns out, on some boxes x509_verify() returns 1 as expected, while on some others I am getting -1 > thierry.parmentelat> > thierry.parmentelat> > thierry.parmentelat> --- > thierry.parmentelat> I apologize that I am not able to write a pure C code that would reproduce the issue (I’m afraid that me trying to achieve that would just lead to more artificial problems than be actually helpful in any way :) > thierry.parmentelat> > thierry.parmentelat> the m2crypto guys tell me they are essentially just passing stuff along to openssl’s function > thierry.parmentelat> X509_verify > thierry.parmentelat> as described here > thierry.parmentelat> https://www.openssl.org/docs/man1.1.0/crypto/X509_verify.html > > Considering both certs in the attached script use the signature > algorithm md5WithRSAEncryption, you could get that kind of error with > an OpenSSL installation where MD5 has been disabled. 'openssl help' > will show you what's enabled, or 'openssl list -disabled' (with > OpenSSL 1.1.0) to see what's disabled. > > There are other things that can give you a -1 as well... > > Cheers, > Richard > > -- > Richard Levitte levitte@xxxxxxxxxxx > OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
