[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: isakmpd & ca cert woes
On Thu, 12 Jul 2001, Philipp Buehler wrote:
> On 11/07/2001, Damien Miller <firstname.lastname@example.org> wrote To email@example.com:
> > I couldn't for the life of me figure out why authentication was failing
> > (with error "rsa_sig_decode_hash: received CERT can't be validated"),
> > until I synced the clocks.
> error-messages :P
> Wouldn't it possible to give the reason *why* the validation failed?
> Or is the time already in a whole hashchunk, so it cant be determined
> which part is wrong?
The validation check happens deep inside X509_verify_cert() in libcrypto.
It should be possible to add some verbosity, but OpenSSL's error reporting
functions make my head spin.
| Damien Miller <firstname.lastname@example.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer