------=_Part_1593_17964553.1176269222535
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi Maillist

I met a problem while porting openssl from Linux PC to mips64 platform, the
openssl version is 0.9.7i

I use openssl to verify a signature(x509), openssl prompt the error
info *unhandled
critical extension* on mips64 platform

But this operation was ok on Linux Pc, I think this may caused by
some compile problem, but I havn't any clue,

is there any patch I need add, any specail complie option, or flag

Is there anyone can give some suggestion about this problem, thanks a lot



the detail info is below

I use xmlsec lib's cmd-line application like following way, I'm not clear
what's *unhandled critical extension *mean,

can you give me some info about this,
**


# ./xmlsec1 --verify --id-attr:Id LicenceData --store-signatures
--enable-visa3d-hack --trusted-pem root.crt --X509-skip-strict-checks
D0185601.XML
func=xmlSecOpenSSLX509StoreVerify:file=
x509vfy.c:line=360bj=x509-store:subj=X509_verify_cert:error=4:cryptolibrary
function failed:subj=/C=FI/O=Nokia/CN=Nokia NET Licence Generator
ILG;err=34;msg=*unhandled critical extension*
func=xmlSecOpenSSLX509StoreVerify:file=
x509vfy.c:line=408bj=x509-store:subj=unknown:error=71:certificateverificatio n
failed:err=34;msg=unhandled critical extension
func=xmlSecKeysMngrGetKey:file=
keys.c:line=1364bj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmls eclibrary
function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=
xmldsig.c:line=871bj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=
xmldsig.c:line=565bj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:er ror=1:xmlseclibrary
function failed:
func=xmlSecDSigCtxVerify:file=
xmldsig.c:line=366bj=unknown:subj=xmlSecDSigCtxSigantureProcessNode: error=1:xmlseclibrary
function failed:
Error: signature failed
ERROR
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
= VERIFICATION CONTEXT
== Status: unknown
== flags: 0x00000018
== flags2: 0x00000000
== Id: "licRAN1001LK-pkisig-1"
== Key Info Read Ctx:
= KEY INFO READ CONTEXT
== flags: 0x00004000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: rsa
==== keyType: 0x00000001
==== keyUsage: 0x00000002
==== keyBitsSize: 0
=== list size: 0
== Key Info Write Ctx:
= KEY INFO WRITE CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: NULL
==== keyType: 0x00000001
==== keyUsage: 0xffffffff
==== keyBitsSize: 0
=== list size: 0
== Signature Transform Ctx:
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
=== Transform: c14n-with-comments (href=
http://www.w3.org/TR/2001/REC-xml-c1...5#WithComments)
=== Transform: membuf-transform (href=NULL)
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
== Signature Method:
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
== SignedInfo References List:
=== list size: 1
= REFERENCE VERIFICATION CONTEXT
== Status: succeeded
== URI: "#licRAN1001LK"
== Reference Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000001
== flags2: 0x00000000
== enabled transforms: all
=== uri:
=== uri xpointer expr: #licRAN1001LK
=== Transform: Visa3DHackTransform (href=NULL)
=== Transform: c14n-with-comments (href=
http://www.w3.org/TR/2001/REC-xml-c1...5#WithComments)
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
=== Transform: membuf-transform (href=NULL)
== Digest Method:
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
== Manifest References List:
=== list size: 0
Error: failed to verify file "D0185601.XML"
**
**

------=_Part_1593_17964553.1176269222535
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi Maillist

 

I met a problem while porting openssl from Linux PC to mips64 platform, the openssl version is 0.9.7i

 

I use openssl to verify a signature(x509), openssl prompt the error info unhandled critical extension on mips64 platform

 

But this operation was ok on Linux Pc, I think this may caused by some compile problem, but I havn't any clue,

 

is there any patch I need add, any specail complie option, or flag

 

Is there anyone can give some suggestion about this problem, thanks a lot

 

 

 

the detail info is below

 

I use xmlsec lib's cmd-line application like following way, I'm not clear what's unhandled critical extension mean,

 

can you give me some info about this,


 

 

# ./xmlsec1 --verify --id-attr:Id LicenceData --store-signatures --enable-visa3d-hack --trusted-pem root.crt --X509-skip-strict-checks D0185601.XML
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:l ine=360bj=x509-store:subj=X509_verify_cert:error=4:crypto
library function failed:subj=/C=FI/O=Nokia/CN=Nokia NET Licence Generator ILG;err=34;msg=unhandled critical extension
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:l ine=408bj=x509-store:subj=unknown:error=71:certificate
verification failed:err=34;msg=unhandled critical extension
func=xmlSecKeysMngrGetKey:file=keys.c:line=1364bj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmls ec library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=
xmldsig.c:line=871bj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsi g.c:line=565bj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:er ror=1:xmlsec library function failed:

func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366bj=unknown:subj=xmlSecDSigCtxSigantureProcessNode: error=1:xmlsec library function failed:
Error: signature failed
ERROR
SignedInfo References (ok/all): 1/1

Manifests References (ok/all): 0/0
= VERIFICATION CONTEXT
== Status: unknown
== flags: 0x00000018
== flags2: 0x00000000
== Id: "licRAN1001LK-pkisig-1"
== Key Info Read Ctx:
= KEY INFO READ CONTEXT

== flags: 0x00004000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all

=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: rsa
==== keyType: 0x00000001
==== keyUsage: 0x00000002
==== keyBitsSize: 0
=== list size: 0

== Key Info Write Ctx:
= KEY INFO WRITE CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000

== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: NULL
==== keyType: 0x00000001
==== keyUsage: 0xffffffff

==== keyBitsSize: 0
=== list size: 0
== Signature Transform Ctx:
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL

=== Transform: c14n-with-comments (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments)
=== Transform: membuf-transform (href=NULL)

=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
== Signature Method:
=== Transform: rsa-sha1 (href=
http://www.w3.org/2000/09/xmldsig#rsa-sha1
)
== SignedInfo References List:
=== list size: 1
= REFERENCE VERIFICATION CONTEXT
== Status: succeeded
== URI: "#licRAN1001LK"
== Reference Transform Ctx:

== TRANSFORMS CTX (status=2)
== flags: 0x00000001
== flags2: 0x00000000
== enabled transforms: all
=== uri:
=== uri xpointer expr: #licRAN1001LK
=== Transform: Visa3DHackTransform (href=NULL)
=== Transform: c14n-with-comments (href=
http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments)
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1
)
=== Transform: membuf-transform (href=NULL)
== Digest Method:
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
== Manifest References List:

=== list size: 0
Error: failed to verify file "D0185601.XML"

 

 

 


------=_Part_1593_17964553.1176269222535--
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org