From: Murray S. K. <ms...@se...> - 2008-07-08 17:07:06
|
On Tue, 8 Jul 2008, Rickard Bondesson wrote: > I am testing a patch to DKIM Milter 2.5.0 that will give support for > DNSSEC. The problem is that I am getting an SSL Error now and then. > > Jul 8 09:57:45 mask dkim-filter[31900]: m687vaAr002778 SSL > error:04077068:rsa routines:RSA_verify:bad signature; > error:04077068:rsa routines:RSA_verify:bad signature > Jul 8 09:57:45 mask dkim-filter[31900]: m687vaAr002778: key retrieval failed The first line is simply a dump of the error stack from libcrypto. It means a signature verification was attempted (using the RSA_verify() function) but that failed, i.e. the data being verified and the signature didn't match. That's all the information you get. "key retrieval failed" maps to the DKIM_STAT_KEYFAIL error code, which is reported when the attempt to retrieve a key from DNS either timed out or returned some kind of error. If you're running with a DNSSEC patch, perhaps the key being returned wasn't signed? (I can only guess without seeing the patch.) |