OpenSSL / java / wiki bits
Ken Horn
ken.horn at clara.co.uk
Wed May 25 08:22:57 PDT 2005
Thanks. I seem to be able to actually get multple different errors, but
just submitting the page more than once (and no, I'm waiting for the
requests to finish before retrying). My prog is basically only using a
single key pair per startup, and verifies anyone (might as well get the
protocol working prior to bells and whistles), so there's only one key
(unless the consumer is caching, despite asking for it).
What might help, would be if someone could generate demo keys / hashes /
tokens etc and display them, so that other implementations could verify
the crypto stuff without the added moving parts. Anyone with a working
version fancy it? Of course, with the various file formats and libs
involved this may still be non-trivial to do cross language. Hrmf, why
aren't crypto formats more self describing?
Martin Atkins wrote:
> Ken Horn wrote:
>
>> Error from demo page:
>> * **Error:* Error in DSA_verify: error:0D07209B:asn1 encoding
>> routines:ASN1_get_object:too long at
>> /usr/share/perl5/Net/OpenID/Consumer.pm line 401.
>> /[runtime_error]/
>
> [snip]
>
>> If I miss out the sha1, I get: *Error:* DSA signature
>> verification failed /[verify_failed] -- is this any better?/
>
>
> I think the second error is better -- for some value of "better", at
> least. The first error looks like your key is actually broken in some
> way, while the second error is the standard response you get if the
> signature is structured correctly but doesn't match the expected
> result with the given key.
>
> I don't know enough about Java's stuff to comment any further, but I
> think that in the second case you're closer to the answer. Make sure
> now that you are signing the right string, that the consumer is
> getting the right key, and so forth.
>
> Someone else can probably do better than this, but I hope this helps
> for now. :)
>
> _______________________________________________
> yadis mailing list
> yadis at lists.danga.com
> http://lists.danga.com/mailman/listinfo/yadis
>
>
>
More information about the yadis
mailing list