X509_verrify_cert worked in 0.9.7c but not in 0.9.8

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

X509_verrify_cert worked in 0.9.7c but not in 0.9.8

Calista
Hi,

I upgraded to the latest OpenSSL and quite to my
consternation the X509_verify_cert fails with the
reason "self signed certificate". But if I switch back
to 0.9.7c it doesn't.

Did I miss anything during the upgrade?

Thank you.
Calista.


               
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: X509_verrify_cert worked in 0.9.7c but not in 0.9.8

Dr. Stephen Henson
On Wed, Sep 28, 2005, Calista wrote:

> Hi,
>
> I upgraded to the latest OpenSSL and quite to my
> consternation the X509_verify_cert fails with the
> reason "self signed certificate". But if I switch back
> to 0.9.7c it doesn't.
>
> Did I miss anything during the upgrade?
>

What circumstances give that error: what command or application? Can you
include the certificate chain that does that?

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: X509_verrify_cert worked in 0.9.7c but not in 0.9.8

Jeff Davey
On Wed, 2005-09-28 at 23:22 +0200, Dr. Stephen Henson wrote:
> What circumstances give that error: what command or application? Can you
> include the certificate chain that does that?
>


I have also noticed this problem with 0.9.8, and reported it here on
this list August 8th (with no response).

I also posted example source code.

It seems that this problem is only cropping up for me on Intel 32bit
Linux, but not x86_64 Linux, nor Intel 32bit Netware.




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: X509_verrify_cert worked in 0.9.7c but not in 0.9.8

Dr. Stephen Henson
On Wed, Sep 28, 2005, Jeff Davey wrote:

> On Wed, 2005-09-28 at 23:22 +0200, Dr. Stephen Henson wrote:
> > What circumstances give that error: what command or application? Can you
> > include the certificate chain that does that?
> >
>
>
> I have also noticed this problem with 0.9.8, and reported it here on
> this list August 8th (with no response).
>
> I also posted example source code.
>
> It seems that this problem is only cropping up for me on Intel 32bit
> Linux, but not x86_64 Linux, nor Intel 32bit Netware.
>

Sorry I must have missed that. Can you send a report to RT? Do you get the
same problems using the verify utility? That should pretty much make the same
calls. If you do please include the certificates and the command line you
used.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: X509_verrify_cert worked in 0.9.7c but not in 0.9.8

Jeff Davey
On Thu, 2005-09-29 at 01:50 +0200, Dr. Stephen Henson wrote:
> Sorry I must have missed that. Can you send a report to RT? Do you get the
> same problems using the verify utility? That should pretty much make the same
> calls. If you do please include the certificates and the command line you
> used.


I'll spend some time tomorrow trying to replicate this problem using the
verify utility (end of the day here at the office).

I'm not sure what you mean by "Can you send a report to RT?"




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: X509_verrify_cert worked in 0.9.7c but not in 0.9.8

Dr. Stephen Henson
On Wed, Sep 28, 2005, Jeff Davey wrote:

> On Thu, 2005-09-29 at 01:50 +0200, Dr. Stephen Henson wrote:
> > Sorry I must have missed that. Can you send a report to RT? Do you get the
> > same problems using the verify utility? That should pretty much make the same
> > calls. If you do please include the certificates and the command line you
> > used.
>
>
> I'll spend some time tomorrow trying to replicate this problem using the
> verify utility (end of the day here at the office).
>

OK, thanks.

> I'm not sure what you mean by "Can you send a report to RT?"
>

http://www.openssl.org/support/rt2.html

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: X509_verrify_cert worked in 0.9.7c but not in 0.9.8

Jeff Davey
In reply to this post by Jeff Davey
Well. I figured this out.

The problem is, we were using the system header files (OpenSSL-0.9.7e)
to build the binary, but we were linking in the 0.9.8a static library.

I added the 0.9.8a header files to the include path, and the problem
went away.


On Wed, 2005-09-28 at 17:58 -0600, Jeff Davey wrote:

> On Thu, 2005-09-29 at 01:50 +0200, Dr. Stephen Henson wrote:
> > Sorry I must have missed that. Can you send a report to RT? Do you get the
> > same problems using the verify utility? That should pretty much make the same
> > calls. If you do please include the certificates and the command line you
> > used.
>
>
> I'll spend some time tomorrow trying to replicate this problem using the
> verify utility (end of the day here at the office).
>
> I'm not sure what you mean by "Can you send a report to RT?"
>
>
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]