[openssl-users] SMIME: 1.0.0e vs. 1.0.1e

c.holper at ades.at c.holper at ades.at
Thu Feb 18 13:05:35 UTC 2016


Hello!

I have a little problem with an update from an old 1.0.0e (vanilla 
compiled) vs.
debians (7.9, stable) 1.0.1e.

I try to verify an smime-signature
Tried with the same smime-file and with the same certificates on the 
same machine.
The certificates are fine and are ok if I verify them.


openssl smime -verify -purpose any -in "myfile.txt" -out "myfile.out"  
-CApath /etc/ssl/certs -CAfile "cert.cer"

It works fine with 1.0.0e.
Text: Verification successful
Return: 0


But I get the following with 1.0.1e.
Text: Verification failure
139728980395688:error:21071065:PKCS7 
routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:1169:
139728980395688:error:21075069:PKCS7 routines:PKCS7_verify:signature 
failure:pk7_smime.c:410:
Return: 4



The myfile.txt (shortened):
------------------------------
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; 
micalg="sha1"; boundary="----EEFE59145E95831000EE06DE4309E3A9"

This is an S/MIME signed message

------EEFE59145E95831000EE06DE4309E3A9
Content-Transfer-Encoding: binary
Content-Type: application/edi-consent
Content-Disposition: attachment; name="abc.xml"; filename="abc.xml"

<?xml version='1.0' encoding='utf-8'?>
......
......
------EEFE59145E95831000EE06DE4309E3A9
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIIIawYJKoZIhvcN7nTRPWZsxevEqzakh6vKxTTE8sn5mzeU4QoEqAP1EOuATPan0VpAXtfJfBQfq/I=
...
EEFE59145E95831000EE06DE4309E3A9
---------------------------------


Can anyone please help, thanks!

Best regards,
christoph






More information about the openssl-users mailing list