OpenSSL / java / wiki bits

Ken Horn ken.horn at clara.co.uk
Wed May 25 08:22:57 PDT 2005 

Thanks. I seem to be able to actually get multple different errors, but 
just submitting the page more than once (and no, I'm waiting for the 
requests to finish before retrying). My prog is basically only using a 
single key pair per startup, and verifies anyone (might as well get the 
protocol working prior to bells and whistles), so there's only one key 
(unless the consumer is caching, despite asking for it).

What might help, would be if someone could generate demo keys / hashes / 
tokens etc and display them, so that other implementations could verify 
the crypto stuff without the added moving parts. Anyone with a working 
version fancy it? Of course, with the various file formats and libs 
involved this may still be non-trivial to do cross language. Hrmf, why 
aren't crypto formats more self describing?


Martin Atkins wrote:

> Ken Horn wrote:
>
>>      Error from demo page:
>> *    **Error:* Error in DSA_verify: error:0D07209B:asn1 encoding 
>> routines:ASN1_get_object:too long at 
>> /usr/share/perl5/Net/OpenID/Consumer.pm line 401.
>> /[runtime_error]/
>
> [snip]
>
>>      If I miss out the sha1, I get: *Error:* DSA signature 
>> verification failed /[verify_failed]  --  is this any better?/
>
>
> I think the second error is better -- for some value of "better", at 
> least. The first error looks like your key is actually broken in some 
> way, while the second error is the standard response you get if the 
> signature is structured correctly but doesn't match the expected 
> result with the given key.
>
> I don't know enough about Java's stuff to comment any further, but I 
> think that in the second case you're closer to the answer. Make sure 
> now that you are signing the right string, that the consumer is 
> getting the right key, and so forth.
>
> Someone else can probably do better than this, but I hope this helps 
> for now. :)
>
> _______________________________________________
> yadis mailing list
> yadis at lists.danga.com
> http://lists.danga.com/mailman/listinfo/yadis
>
>
>

More information about the yadis mailing list