List: openssl-users
Subject: Re: Problem verifying certificates [was: CPS object .....]
From: George Staikos <staikos () 0wned ! org>
Date: 2001-07-25 14:53:21
On Wednesday 25 July 2001 05:55, Jean-Marc Desperrier wrote:
> George Staikos wrote:
> > On Tuesday 24 July 2001 20:26, George Staikos wrote:
> > > I've been noticing many problems with some new certificates which
> > > are being issued by Entrust and Verisign.
> >
> > Actually I looked it over more closely and it's not that a "/CPS"
> > field is there, but that they have "www.verisign.com/CPS" in the OU
> > field. Anyhow, things are very corrupt still. Text output of one of
> > these certs results in lots of garbage.
>
> Verisign certificates have had this for a very long time.
> This is not the source of your problem.
>
> You should send the certificate to the list to get a diagnostic of what is
> going wrong.
>
> I'm surprised about what you're describing, are you sure this is not just a
> stupid error like forgetting to use the -inform der parameter?

Ok here are the der-encoded certificates extracted from cert7.db for
Verisign and Equifax (note it's _not_ Entrust as I mistakenly said above). I
don't remember which is the exact correct one for Verisign so I sent all the
class 3 certificates.

I also attached wellsfargo.pem and ibm.pem along with text versions. These
were the certificates presented in a web session which I captured and saved
to disk.

Trying to verify these pem files against the CA files I gave fails. Netscape
can verify them just fine though, and all certificates I've come across which
aren't signed by these CA files seem to work fine too. A lot of people have
seen this problem recently.

The wellsfargo.txt looks very corrupt to me btw. As does the Equifax CA file
(#26).

--
George Staikos
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org