[openssl-users] SMIME: 1.0.0e vs. 1.0.1e

c.holper at ades.at c.holper at ades.at
Thu Feb 18 13:05:35 UTC 2016


I have a little problem with an update from an old 1.0.0e (vanilla 
compiled) vs.
debians (7.9, stable) 1.0.1e.

I try to verify an smime-signature
Tried with the same smime-file and with the same certificates on the 
same machine.
The certificates are fine and are ok if I verify them.

openssl smime -verify -purpose any -in "myfile.txt" -out "myfile.out"  
-CApath /etc/ssl/certs -CAfile "cert.cer"

It works fine with 1.0.0e.
Text: Verification successful
Return: 0

But I get the following with 1.0.1e.
Text: Verification failure
routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:1169:
139728980395688:error:21075069:PKCS7 routines:PKCS7_verify:signature 
Return: 4

The myfile.txt (shortened):
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; 
micalg="sha1"; boundary="----EEFE59145E95831000EE06DE4309E3A9"

This is an S/MIME signed message

Content-Transfer-Encoding: binary
Content-Type: application/edi-consent
Content-Disposition: attachment; name="abc.xml"; filename="abc.xml"

<?xml version='1.0' encoding='utf-8'?>
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"


Can anyone please help, thanks!

Best regards,

More information about the openssl-users mailing list