During client cert verification: RSA_padding_check_PKCS1_type_1:block type is not 01

Graham Leggett minfrin at sharp.fm
Sun Aug 4 09:45:57 UTC 2019

On 04 Aug 2019, at 01:56, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:

> An RSA signature verification operation (block type 01) failed,
> typically because the public key used to check the signature does
> not match the private key used to sign the data.

Thanks for confirming this.

> Is this a server-side log or a client-side log?  If the client is
> using the wrong private key or wrong certificate, then I'd expect
> to see this type of error on the server.

It’s a server side log of httpd linked to openssl.

I have a MyEID smartcard with two certs and two keys on it. When the smartcard is used with Firefox and the OpenSC PKCS11 drivers, everything works fine. When the smartcard is used with Windows 10 + Edge and the native manufacturer drivers, the wrong key is chosen for the certificate, and access is denied as above.
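
Why a certificate/key mismatch shows up as this particular error, as an added illustration that is not part of the original message and is not OpenSSL's code: a simplified model of PKCS#1 v1.5 (block type 01) signature verification. The two toy keys, the exponent 11, and all function names are constructed assumptions.

```python
import hashlib

# DER prefix of the SHA-256 DigestInfo in EMSA-PKCS1-v1_5 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
E = 11  # constructed public exponent, coprime to phi of both toy keys below

def make_key(p, q):
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1)),
            "k": (n.bit_length() + 7) // 8}

# Constructed toy keys (NOT secure): built from well-known public primes so the
# example is deterministic. Both moduli are 104 bytes long, like two same-size
# keys sitting on one card.
KEY_A = make_key(2**448 - 2**224 - 1, 2**384 - 2**128 - 2**96 + 2**32 - 1)
KEY_B = make_key(2**224 - 2**96 + 1, 2**607 - 1)

def encode(msg, k):
    """Build the block 00 01 FF..FF 00 DigestInfo, k bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(msg, key):
    em = int.from_bytes(encode(msg, key["k"]), "big")
    return pow(em, key["d"], key["n"])

def verify(msg, sig, pub):
    """Simplified verifier: returns "ok" or the reason for rejection."""
    if sig >= pub["n"]:
        return "signature out of range"
    # The public-key operation recovers the padded block only if pub matches
    # the private key that signed; otherwise the result is effectively random.
    em = pow(sig, pub["e"], pub["n"]).to_bytes(pub["k"], "big")
    if em[:2] != b"\x00\x01":
        return "block type is not 01"
    if em != encode(msg, pub["k"]):
        return "bad padding or digest"
    return "ok"

if __name__ == "__main__":
    msg = b"constructed handshake transcript"
    sig = sign(msg, KEY_B)                   # the card signs with key B ...
    print("cert B:", verify(msg, sig, KEY_B))
    print("cert A:", verify(msg, sig, KEY_A))  # ... but cert A was presented
```

With the matching key the recovered block begins 00 01 and the digest compares equal; with the other key the recovered bytes are effectively random, so the check fails at the block-type byte before the digest is ever compared.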

