small bug in cert handling
Hans.Aschauer at gi-de.com
Hans.Aschauer at gi-de.com
Mon Sep 4 11:06:59 CEST 2006
[sorry, in the previous mail I hit the send button before finishing
the mail...]
Hi all,
for a demo system, I installed Minisip for use with Mikey
(authenticated D-H), which did not work (Mikey PSK was ok,
after telling openser to allow SIP packages larger than
2 kB...).
The only response which I got was "Incoming key management message
could not be authenticated", which came from X509_verify_cert()
returning 0 in certificate::control(), even though the certificates
validated ok on the command line, using "openssl validate".
I solved the problem by adding a call to
OpenSSL_add_all_algorithms() (without arguments) in the constructor
of ca_db in the openSSL version of cert.cxx (libmcrypto). Actually,
there might be a better place where to add this call...
Great feeling to perform encrypted calls using minisip, even it is only for
a distance of
1 meter...
--
Dr. Hans Aschauer
Cards and Services - Operations
Department Cryptology, CSOP42
Giesecke & Devrient GmbH, Prinzregentenstrasse 159, P.O. Box 800729,
D-81607 Munich, Germany
telephone: +49 89 4119 2764, telefax: +49 89 41191629
mailto:Hans.Aschauer at de.gi-de.com
http://www.gi-de.com
More information about the Minisip-devel
mailing list