From: Arne Jørgensen
Newsgroups: gmane.emacs.gnus.general
Subject: Problem with smime-CA-directory
Date: Thu, 04 Apr 2002 14:32:31 +0200
Organization: Department of Computer Science, University of Aarhus

Hi,

I have tried to install a root certificate in Gnus and had some problems
with smime-CA-directory.

When I set smime-CA-directory to nil and let smime-CA-file point
directly to the certificate I am able to verify (with sender trusted) a
signed email.

When I set smime-CA-file to nil and let the smime-CA-directory point to
the directory where I keep the certificate I am able to verify, but not
trust the sender and I get an error from openssl. The *OpenSSL output*
only contains the address from the certificate (jgu@kmd.dk) and in the
*Message* I get the following error message:

  OpenSSL: An error occurred decrypting or verifying the message.

I have named the root certificate as explained in smime.el (the
certificate gets the name b415d336).

Below is the result from verifying the email.

Is this a bug in smime.el or have I done something wrong?

I'm using Emacs/20.7, Gnus from CVS and openssl v. 0.9.6c.

/arne

[[S/MIME Signed Part:Ok (sender not trusted)]
Sender claimed to be: JGU@kmd.dk
Addresses in certificate: jgu@kmd.dk

OpenSSL output:
---------------
Verification Failure
14779:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:213:Verify error:self signed certificate in certificate chain

Certificate(s) inside S/MIME signature:
---------------------------------------
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 974849029 (0x3a1b0405)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=DK, O=KMD, OU=KMD-CA, CN=KMD-CA Kvalificeret Person
        Validity
            Not Before: Nov 21 23:24:59 2000 GMT
            Not After : Nov 22 23:24:59 2015 GMT
        Subject: C=DK, O=KMD, OU=KMD-CA, CN=KMD-CA Kvalificeret Person
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Subject Key Identifier:
                79:62:EA:9A:12:38:D8:9C:63:EC:38:9F:0E:C5:BE:0E:54:21:28:3D
            X509v3 Authority Key Identifier:
                keyid:79:62:EA:9A:12:38:D8:9C:63:EC:38:9F:0E:C5:BE:0E:54:21:28:3D
    Signature Algorithm: sha1WithRSAEncryption

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1001321384 (0x3baef3a8)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=DK, O=KMD, OU=KMD-CA, CN=KMD-CA Kvalificeret Person
        Validity
            Not Before: Sep 24 08:49:44 2001 GMT
            Not After : Sep 24 07:49:44 2002 GMT
        Subject: C=DK, O=Kommunedata A/S // CVR:19435075, OU=USE/USS, CN=IT Sikkerhedsarkitekt Joern Guldberg // RID:JGU/Email=jgu@kmd.dk, SN=CVR:19435075-JGU
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.4239.4.1.2
                  User Notice:
                    Explicit Text: Dette kvalificerede certifikat er udstedt efter KMD-CAs Kvalificeret Medarbejderpolitik. Maa ikke anvendes til personretlige dispositioner. Maa ikke anvendes til dispositioner, der indeholder transaktionsbeloeb.
                  CPS: http://www.kmd-ca.dk/cps.htm
            X509v3 Basic Constraints:
                CA:FALSE
    Signature Algorithm: sha1WithRSAEncryption
]

-- 
stud. scient. Arne Jørgensen
Kollegium 5, 2., v. 222, Universitetsparken, 8000 Århus C
tel: 89 42 72 22, mobile: 21 65 01 13
e-mail: arne@daimi.au.dk, http://www.daimi.au.dk/~arne/
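
Added example, not part of the original message and not code from smime.el: OpenSSL's hashed-directory lookup (`-CApath`) only opens files named `<subject-hash>.<n>`, so a file named just `b415d336` is never consulted and the root stays untrusted. The script audits a CA directory for that naming, assuming `smime-CA-directory` is handed to OpenSSL as such a directory; the function names, `kmd-root.pem` and the demo files are constructed for illustration.

```shell
#!/bin/sh
LC_ALL=C; export LC_ALL   # byte-wise [a-f] ranges in the patterns below

# Classify a file name as OpenSSL's hashed-directory lookup sees it.
# Only names of the form <8 hex digits>.<n> (n = 0, 1, ...) are ever opened.
classify_name() {
    case "$1" in
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f])
            echo missing-suffix ;;          # e.g. "b415d336" with no ".0"
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].*)
            suffix=${1#*.}
            case "$suffix" in
                ''|*[!0-9]*) echo not-hashed ;;
                *)           echo lookup-candidate ;;
            esac ;;
        *)  echo not-hashed ;;
    esac
}

# Print "<status> <name>" for each regular file in DIR.
# Returns 1 if any file would be ignored by the lookup.
audit_capath() {
    dir=$1
    ignored=0
    for path in "$dir"/*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        status=$(classify_name "$name")
        echo "$status $name"
        [ "$status" = lookup-candidate ] || ignored=1
    done
    return "$ignored"
}

# File name OpenSSL expects for the PEM certificate in $1 (".0" unless that
# hash is already taken). Needs the openssl CLI; OpenSSL 1.0.0 and later hash
# differently from 0.9.x, so run it with the version that reads the directory.
expected_name() {
    h=$(openssl x509 -noout -hash -in "$1") || return 1
    echo "$h.0"
}

# Constructed demo: empty placeholder files, only the names matter.
demo=$(mktemp -d)
touch "$demo/b415d336" "$demo/b415d336.0" "$demo/kmd-root.pem"
audit_capath "$demo" || echo "some files are invisible to the hashed lookup"
rm -rf "$demo"
```

A `lookup-candidate` name is necessary but not sufficient: compare it with `expected_name` for the same certificate to confirm the hash itself is right.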