Re: CSR verify failure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



OK, I see the verify error with the CSR you sent, so it's an issue with creating the CSR, not with verifying it.

Beyond that I don't see the issue, but I'd have to debug it (or decrypt the signature manually) to see what exactly the problem is. OpenSSL is complaining that it expects the signature to use PKCS#1 type 1 padding, but the block-type byte doesn't have value 1, i.e. PKCS#1 v1.5 padding.

I don't know why openssl req -new on your system might have generated a signature with some other type of padding. openssl req doesn't appear to honor -sigopt rsa_padding_mode, for example; I just tried it, and it didn't produce an error, but didn't seem to have any effect either.

-- 
Michael Wojcik 
Distinguished Engineer, Micro Focus 



-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux