test make_verify fails on brand new red hat enterprise 7 box

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I have been compiling openssl libraries on RHEL5 for a while without issue. My build for 1.0.2k fails on a new RHEL7 server. I have narrowed down the cause to the make_verify test. 



make verify_test # from test dir

The following command should have some OK's and some failures
There are definitly a few expired certificates
../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem
../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test CA (1024 bit)
error 20 at 0 depth lookup:unable to get local issuer certificate
../certs/demo/dsa-ca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = CA
error 20 at 0 depth lookup:unable to get local issuer certificate
140692788688576:error:0B06E06B:x509 certificate routines:X509_get_pubkey_parameters:unable to find parameters in chain:x509_vfy.c:2108:
../certs/demo/dsa-pca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA
error 18 at 0 depth lookup:self signed certificate
C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA
error 10 at 0 depth lookup:certificate has expired
OK
../certs/demo/pca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit)
error 18 at 0 depth lookup:self signed certificate
C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit)
error 10 at 0 depth lookup:certificate has expired
OK
make: *** [test_verify] Error 2



It seems to boil down to the following



OPENSSL_CONF= LD_LIBRARY_PATH=.. ../apps/openssl verify -CApath ../certs/demo ../certs/demo/ca-cert.pem

WARNING: can't open config file:
../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test CA (1024 bit)
error 20 at 0 depth lookup:unable to get local issuer certificate

echo $?

2



Doing the same on my RHEL5 box.



OPENSSL_CONF= LD_LIBRARY_PATH=.. ../apps/openssl verify -CApath ../certs/demo ../certs/demo/ca-cert.pem
WARNING: can't open config file:
../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit)
error 10 at 1 depth lookup:certificate has expired
C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test CA (1024 bit)
error 10 at 0 depth lookup:certificate has expired
OK

echo $?

0



Any clue why openssl verify does not work on RHEL7?
ca-cert.pem is issued by pca-cert.pem (matching Authority Key Identifier). Both are under ../certs/demo.

Thanks.


--
Philippe Anctil
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux