[openssl-users] CMS_verify provides empty output

Jakob Bohm jb-openssl at wisemo.com
Wed Oct 10 12:06:42 UTC 2018

On 10/10/2018 13:55, RudyAC wrote:
> Hello,
> when verifying  a signed email with CMS_verify() the verification failed.
> That is not the main problem.
> My problem is that the out data is empty. Using the library I got following
> error:
> OpenSSL Error code all:    <772382878d>
> OpenSSL Error code lib:    <46d>
> OpenSSL Error code func:   <154d>
> OpenSSL Error code reason: <158d>
> OpenSSL Error: error:2E09A09E:CMS
> routines:CMS_SignerInfo_verify_content:verification failure
> The mail body is base64 encoded.
> When verifying the email on console with "openssl cms -verify" there is no
> message output, only the error
> message :
> Verification failure
> 47883249174256:error:04091068:rsa routines:INT_RSA_VERIFY:bad
> signature:rsa_sign.c:278:
> 47883249174256:error:2E09809E:CMS
> routines:CMS_SignerInfo_verify:verification failure:cms_sd.c:775:
> Any hints are welcome
The general assumption in OpenSSL is that if the signature is
invalid, the contents is probably fake,false or invalid, and
thus unwanted.

This is generally true in cryptography, but for actual e-mail
applications it may very well be desired to allow the user to
ignore signature verification failures.  If so, one could combine
allowing the mail software to access the MIME message normally (as
if the signature was some unknown MIME part) with a meaningful
(human readable) form of the actual error message from verification
(there is more than one way the verification can fail, and the
desired human response would often differ).


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list