PKCS#7/CMS verify reports bad signature

Steffen steffenl.sw at gmail.com
Wed Apr 3 08:47:44 UTC 2019


Hello,

I think the person I spoke with might have thought about another set of
signatures for an in-house identity provider. If that is the case then
those signatures were probably generated by OpenSSL 1.0.2 and are OK. I
heard from another person today that the bad files were produced by the
other primary identity provider we use, so we must support the existing
format. Now I really do not see any other solution but to either downgrade
or fork OpenSSL.

On Wed, Apr 3, 2019 at 9:59 AM Matt Caswell <matt at openssl.org> wrote:

>
>
> On 02/04/2019 17:34, Steffen wrote:
> > Hello,
> >
> >> What had produced the signatures?
> >
> > I received word from my end that the signatures may have been produced by
> > OpenSSL 1.0.2 (no idea which letter release) in the Cygwin environment
> but I
> > cannot confirm this.
> >
>
> If that's the case, I'd really like to know what specific version and how
> the
> signatures were generated (although it seems a little surprising if 1.0.2
> is
> creating these incorrect signatures that no-one else has encountered this,
> since
> the commit in question went in over 2.5 years ago).
>
> Matt
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190403/d6a17041/attachment.html>


More information about the openssl-users mailing list