[gnutls-devel] A certificate is verified by Gnutls but rejected by OpenSSL/PolarSSL
Nikos Mavrogiannopoulos
nmav at gnutls.org
Thu Apr 2 23:07:01 CEST 2015
On Thu, 2015-04-02 at 10:00 -0700, Yuting Chen wrote:
> (2) Openssl:
> 140637590406816:error:04091077:rsa routines:INT_RSA_VERIFY:wrong
> signature length:rsa_sign.c:175:
> 140637590406816:error:0D0C5006:asn1 encoding
> routines:ASN1_item_verify:EVP lib:a_verify.c:221:
> ZZZZZZZZZZZZZComodo_Secure_Services_root.pem: C = US, O = "VeriSign,
> Inc.", OU = Class 4 Public Primary Certification Authority - G2, OU =
> "(c) 1998 VeriSign, Inc. - For authorized use only", OU = VeriSign
> Trust Network
> error 7 at 0 depth lookup:certificate signature failure
In the file.pem you have 2 certificates (a chain), and the fa_rootCA is
another one. If you try openssl on each two of them (i.e., split the
file.pem) you'll get an OK. Are you sure that openssl verify can accept
a chain?
regards,
Nikos
More information about the Gnutls-devel
mailing list