PKCS#7/CMS verify reports bad signature

Steffen steffenl.sw at
Wed Apr 3 08:47:44 UTC 2019


I think the person I spoke with might have thought about another set of
signatures for an in-house identity provider. If that is the case then
those signatures were probably generated by OpenSSL 1.0.2 and are OK. I
heard from another person today that the bad files were produced by the
other primary identity provider we use, so we must support the existing
format. Now I really do not see any other solution but to either downgrade
or fork OpenSSL.

On Wed, Apr 3, 2019 at 9:59 AM Matt Caswell <matt at> wrote:

> On 02/04/2019 17:34, Steffen wrote:
> > Hello,
> >
> >> What had produced the signatures?
> >
> > I received word from my end that the signatures may have been produced by
> > OpenSSL 1.0.2 (no idea which letter release) in the Cygwin environment
> but I
> > cannot confirm this.
> >
> If that's the case, I'd really like to know what specific version and how
> the
> signatures were generated (although it seems a little surprising if 1.0.2
> is
> creating these incorrect signatures that no-one else has encountered this,
> since
> the commit in question went in over 2.5 years ago).
> Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list