small bug in cert handling

Jie Chen jchen at kth.se
Wed Sep 6 07:27:27 CEST 2006


Hi Hans,

This problem is caused by a different algorithm being used to encrypt the
signature. You'd better add OpenSSL_add_all_algorithms() in the function
that checks the certificate (in cert.cxx). Also, you may run into some
problems when you use a certificate chain which does not begin from the
root CA. For that, some flag needs to be set. For more details, you could
refer to the code in the "newpki" branch in the svn repository. Have a
deep look at the file cert.cxx.

BR

Jerry

>
> [sorry, in the previous mail I hit the send button before finishing
> the mail...]
>
> Hi all,
>
> for a demo system, I installed Minisip for use with Mikey
> (authenticated D-H), which did not work (Mikey PSK was ok,
> after telling openser to allow SIP packages larger than
> 2 kB...).
>
> The only response which I got was "Incoming key management message
> could not be authenticated", which came from X509_verify_cert()
> returning 0 in certificate::control(), even though the certificates
> validated ok on the command line, using "openssl validate".
>
> I solved the problem by adding a call to
> OpenSSL_add_all_algorithms() (without arguments) in the constructor
> of ca_db in the openSSL version of cert.cxx (libmcrypto). Actually,
> there might be a better place where to add this call...
>
> Great feeling to perform encrypted calls using minisip, even if it is only
> for a distance of 1 meter...
>
> --
> Dr. Hans Aschauer
> Cards and Services - Operations
> Department Cryptology, CSOP42
> Giesecke & Devrient GmbH, Prinzregentenstrasse 159, P.O. Box 800729,
> D-81607 Munich, Germany
> telephone: +49 89 4119 2764, telefax: +49 89 41191629
> mailto:Hans.Aschauer at de.gi-de.com
> http://www.gi-de.com
>
>
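
The case raised in the reply, a chain that does not begin at the root CA, reproduced with the openssl command line as an added example (not Minisip code and not from either author). The mail does not name the flag; this sketch assumes `-partial_chain`, the command-line form of `X509_V_FLAG_PARTIAL_CHAIN` available from OpenSSL 1.0.2, and all certificate names are constructed.

```shell
#!/bin/sh
# Added example; every name, key and certificate here is constructed.
# make_chain DIR: create root -> intermediate -> leaf certificates in DIR.
make_chain() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        '[dn]' 'CN = placeholder' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$d/ca.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
        -extensions v3_ca -subj "/CN=Constructed Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    for n in int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
            -subj "/CN=Constructed $n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    # Intermediate is signed by the root and marked as a CA.
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 1 -extfile "$d/ca.cnf" -extensions v3_ca \
        -out "$d/int.pem" 2>/dev/null || return 1
    # Leaf is signed by the intermediate.
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -set_serial 3 -days 1 -out "$d/leaf.pem" 2>/dev/null
}

# check STORE LEAF [verify options]: print openssl's verdict, including the
# error number and text on failure, and return its exit status.
check() {
    store=$1; leaf=$2; shift 2
    openssl verify "$@" -CAfile "$store" "$leaf" 2>&1
}

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT
make_chain "$dir" || { echo "chain generation failed" >&2; exit 1; }
echo "== trust store holds only the intermediate"
check "$dir/int.pem" "$dir/leaf.pem" || echo "(rejected)"
echo "== same store, partial chains allowed"
check "$dir/int.pem" "$dir/leaf.pem" -partial_chain
echo "== full chain, anchored at the root"
check "$dir/root.pem" "$dir/leaf.pem" -untrusted "$dir/int.pem"
```

With partial chains allowed, every certificate in the trust store becomes a trust anchor, so that store should hold only certificates you have deliberately pinned.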



