During client cert verification: RSA_padding_check_PKCS1_type_1:block type is not 01

Viktor Dukhovni openssl-users at dukhovni.org
Sat Aug 3 23:56:17 UTC 2019

> On Aug 2, 2019, at 8:21 AM, Graham Leggett <minfrin at sharp.fm> wrote:
> Edge using the smartcard to the same site returns the following:
> [Fri Aug 02 13:47:43.238262 2019] [ssl:info] [pid 20742:tid 139771397486336] SSL Library Error: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
> [Fri Aug 02 13:47:43.238306 2019] [ssl:info] [pid 20742:tid 139771397486336] SSL Library Error: error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
> [Fri Aug 02 13:47:43.238356 2019] [ssl:info] [pid 20742:tid 139771397486336] SSL Library Error: error:1408807B:SSL routines:SSL3_GET_CERT_VERIFY:bad signature
> What is the above trying to tell me?
> Am I right in assuming that Edge is trying to use the wrong cert with the wrong key?

An RSA signature verification operation (block type 01) failed,
typically because the public used to check the signature does
not match the private key used to sign the data.

Is this a server-side log or a client-side log?  If the client is
using the wrong private key or wrong certificate, then I'd expect
to see this type of error on the server.


More information about the openssl-users mailing list