OpenSSL
 » 
OpenSSL - Dev

SHA256 digest windows 0.9.8k?

View: New views
3 Messages — Rating Filter:   Alert me  

SHA256 digest windows 0.9.8k?

by dutchman1 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Hi,

I'm currently trying to authenticate a server cert with EAP-TLS and the openssl windows libraries 0.9.8k. I'm getting the error 'unknown message digest algorithm'. (below) The signature is encrypted with sha256 with RSA. According to the openssl doc sha256 is supported in 0.9.8 but when I do a help on list-message-digest-commands sha256 is not listed.

Can anybody point me in the right direction?

Thanks!


From the Cert:
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=WiMAX Forum(R) Device Root-CA, O=WiMAX Forum(R), C=US

Error Message:
TLS: Certificate verification failed, error 7 (certificate signature failure) depth 2 for '/CN=WiMAX Forum(R) Server Root-CA/O=WiMAX Forum(R)/C=US'
SSL: (where=0x4008 ret=0x233)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:decrypt error
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server certificate B
OpenSSL: __func__ not defined - SSL_connect error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm
OpenSSL: pending error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
SSL: 7 bytes pending from ssl_out

Re: SHA256 digest windows 0.9.8k?

by Dr. Stephen Henson :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

On Thu, Oct 29, 2009, dutchman1 wrote:

>
> Hi,
>
> I'm currently trying to authenticate a server cert with EAP-TLS and the
> openssl windows libraries 0.9.8k. I'm getting the error 'unknown message
> digest algorithm'. (below) The signature is encrypted with sha256 with RSA.
> According to the openssl doc sha256 is supported in 0.9.8 but when I do a
> help on list-message-digest-commands sha256 is not listed.
>
> Can anybody point me in the right direction?
>

This should work:

openssl dgst -sha256 filename

I suspect the server doesn't include a call to OpenSSL_add_all_algorithms()
instead calling SSL_library_init() which only adds the more commonly uses SSL
algorithms.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@...
Automated List Manager                           majordomo@...

Re: SHA256 digest windows 0.9.8k?

by dutchman1 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Dr. Steve,

you the man!!! That was it. Many thanks and I'll owe you a percentage of my salary.

;)


Dr. Stephen Henson wrote:
On Thu, Oct 29, 2009, dutchman1 wrote:

>
> Hi,
>
> I'm currently trying to authenticate a server cert with EAP-TLS and the
> openssl windows libraries 0.9.8k. I'm getting the error 'unknown message
> digest algorithm'. (below) The signature is encrypted with sha256 with RSA.
> According to the openssl doc sha256 is supported in 0.9.8 but when I do a
> help on list-message-digest-commands sha256 is not listed.
>
> Can anybody point me in the right direction?
>

This should work:

openssl dgst -sha256 filename

I suspect the server doesn't include a call to OpenSSL_add_all_algorithms()
instead calling SSL_library_init() which only adds the more commonly uses SSL
algorithms.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majordomo@openssl.org
Free embeddable forum powered by Nabble Forum Help