[openssl-dev] make TESTS="test_ocsp" test

Richard Levitte levitte at openssl.org
Thu Apr 14 05:33:02 UTC 2016 

In message <HE1PR08MB0427B6808F52900CD7A6138CD6970 at HE1PR08MB0427.eurprd08.prod.outlook.com> on Thu, 14 Apr 2016 04:55:02 +0000, CHOW Anthony <anthony.chow at al-enterprise.com> said:

anthony.chow> Can this test be tested standalone? I must have missed something:
anthony.chow> 
anthony.chow> === INVALID SIGNATURE on the OCSP RESPONSE ===
anthony.chow> NON-DELEGATED; Intermediate CA -> EE
anthony.chow> Response Verify Failure
anthony.chow> 47813825843168:error:0407006A:rsa
anthony.chow> routines:RSA_padding_check_PKCS1_type_1:block type is not
anthony.chow> 01:rsa_pk1.c:103:
anthony.chow> 47813825843168:error:04067072:rsa
anthony.chow> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705:
anthony.chow> 47813825843168:error:0D0C5006:asn1 encoding
anthony.chow> routines:ASN1_item_verify:EVP lib:a_verify.c:218:
anthony.chow> 47813825843168:error:27069075:OCSP
anthony.chow> routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105:
anthony.chow> NON-DELEGATED; Root CA -> Intermediate CA
anthony.chow> Response Verify Failure
anthony.chow> 47579061129184:error:0407006A:rsa
anthony.chow> routines:RSA_padding_check_PKCS1_type_1:block type is not
anthony.chow> 01:rsa_pk1.c:103:
anthony.chow> 47579061129184:error:04067072:rsa
anthony.chow> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705:
anthony.chow> 47579061129184:error:0D0C5006:asn1 encoding
anthony.chow> routines:ASN1_item_verify:EVP lib:a_verify.c:218:
anthony.chow> 47579061129184:error:27069075:OCSP
anthony.chow> routines:OCSP_basic_verify:signature failure:ocsp_vfy.c:105:
anthony.chow> NON-DELEGATED; Root CA -> EE
anthony.chow> 
anthony.chow> Any pointer on what I can do?

This is a part of the OCSP test suite, and sorry, there currently is
no way to pick and choose between the different tests of the suite
(I wouldn't expect that to change in the future).

As to that particular set of tests, it checks that diverse responses
with invalid signature does lead to an error report, so that output
looks quite correct (unless I'm missing something)

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-dev mailing list