From: Pablo N. <pa...@mo...> - 2006-03-31 10:51:47
|
Hi, we have a problem when sing a CRR, it gives me the follow error: Error 6206 General Error Cannot build PKCS#7-object from extracted signature! OpenCA::PKCS7 returns errorcode 7911031 (OpenCA::PKCS7->new: Cannot initialize signature (7912021). OpenCA::PKCS7->initSignature: Cannot parse signature (7921021). OpenCA::PKCS7->getParsed: The crypto-backend cannot verify the signature (7742075). OpenCA::OpenSSL->verify: openca-sv failed. [Error]: error:04077068:rsa routines:RSA_verify:bad signature [Info]: Input file intialized. [Info]: Signaturefile initialized. [Info]: Reading Certificate file. [Info]: PKCS#7 object loaded. [Info]: Data is ready for verification. [Info]: Signature Informations (PKCS#7): depth:1 serial:818C842BA88E78BF subject:emailAddress=ca@xxxxxxx,CN=xxxxxxxx,OU=PKI-PRUEBAS,O=PRUEBAS-xxxxxxx,C=ES depth:0 serial:03 subject:serialNumber=3,CN=RA-Admin,OU=PKI,O=PRUEBAS-xxxxxxx,C=ES [Info]: Signature is corrupt. Errorcode -1. signature:error:-1 ). We have installed OpenCA en Debian testing (Openssl 0.9.8a and Mysql 4.1) with OpenCA 9.2.5 (UTF8) and Openca works in general fine (only failed sign revocation in RA). The error happen when it use approveCRR, exactly in. my $signer = libGetSignatureObject( OBJECT=>$req ); if ( not $signer ) generalError ($errval, $errno); } The problem is returned by libGetSignatureObject, I think is possible that req structure has not been correctly created or malformed because the similar function in approveCSR works well. Any idea are welcome. Regards Pablo. |