[Pkg-openssl-devel] Bug#611743: openssl smime -verify can't verify binary messages without CRLF
John Hughes
john at calva.com
Tue Feb 1 16:21:30 UTC 2011
Package: openssl
Version: 0.9.8o-4
Severity: normal
If I make a simple message:
---cut here 8><---
Content-Type: application/octet-stream
Content-Transfer-Encoding: 8bit
BINARY DATA
---cut here 8><---
(note lines end in LF, not CRLF)
and sign it as so:
openssl smime -sign -binary -in zz-in -out zz-out \
-signer as2.crt -inkey as2.key
(note I asked for -binary)
Then it is impossible to verify the message:
openssl smime -verify -binary -in zz-out -noverify \
-certfile as2.crt -inform smime | cat -vet
Verification failure
21148:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:948:
21148:error:21075069:PKCS7 routines:PKCS7_verify:signature failure:pk7_smime.c:312:
Content-Type: application/octet-stream^M$
Content-Transfer-Encoding: 8bit^M$
^M$
BINARY DATA^M$
^M$
It seems that the -verify code doesn't know how to do -binary.
If I sign without -binary and verify with or without -binary then the
verification works, but my binary data is corrupted by replacing all
LF's with CRLF.
-- System Information:
Debian Release: 6.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssl depends on:
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libssl0.9.8 0.9.8o-4 SSL shared libraries
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-certificates 20090814+nmu2 Common CA certificates
-- no debconf information
More information about the Pkg-openssl-devel
mailing list