[kmf-discuss] SignCSR and Returned Message
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Wed Mar 21 08:36:38 PDT 2007
Massimiliano Pala wrote:
> Hi all,
>
> I am having another "problem" with the SignCSR function. Indeed, now that
> the memory fault is resolved, when I try to sign the request by:
>
> /* Pick the right signing algorithm */
> if ( pkey->priv_key->keyalg == KMF_RSA ) {
> alg = KMF_ALGID_SHA1WithRSA;
> } else if ( pkey->priv_key->keyalg == KMF_DSA ) {
> alg = KMF_ALGID_SHA1WithDSA;
> } else {
> /* Unsupported Algorithm */
> goto err;
> }
>
> rv = KMF_SetCSRSignatureAlgorithm( req->tbs, alg );
> rv = KMF_SignCSR( lib_h, req->tbs, pkey->priv_key, req->data);
>
> I get the following error:
>
> drivers/kmf/pki_x509_req.c:91 ERROR::12 KMF_ERR_BAD_CERT_FORMAT
>
> What does this means ? Any ideas ?
The signing routine had a problem decoding the CSR. The
error should probably be "KMF_ERR_BAD_CSR_FORMAT", its a minor
bug in the decoding library.
Did you set the "Version" field?
Have you tried running truss or apptrace on the process to see where it fails?
Ex:
$ apptrace -Tlibkmf your_app_name
-Wyllys
More information about the kmf-discuss
mailing list