Re: verification error: empty key record; insecure key
On Fri, 17 Aug 2012, Benny Pedersen wrote:
> could this be the problem i see here with RSA-VERIFY failing ?, it
> happends most on gmail and ietf, i dont think there dkim is failling,
> but is RSA-VERIFY bogus error for not getting correct dns results ?
No. This issue would cause the DKIM verification process to fail before
the code gets as far as calling any of the crypto functions.
> Aug 17 00:02:49 home opendkim[3330]: 56E3E25C022: s=ietf1 d=ietf.org SSL
> error:04091068:rsa routines:INT_RSA_VERIFY:bad signature
This can only happen when the DNS part worked fine, but the signature
itself failed to validate. Assuming no bugs, it means the message was
modified in transit.
> unsure why it just happen on some domains and not all
Have you tried any of the testing and debugging steps found in
opendkim/README?
> what openssl version is stable with opendkim could be usefull if i should
> create a bug in gentoo with this problem
We've received no complaints about any particular openssl version.
-MSK
Received on Fri Aug 17 2012 - 16:32:08 PST
This archive was generated by hypermail 2.3.0
: Mon Oct 29 2012 - 23:20:42 PST