Index: openpgpsdk/trunk/src/lib/packet-parse.c
===================================================================
--- openpgpsdk/trunk/src/lib/packet-parse.c (revision 602)
+++ openpgpsdk/trunk/src/lib/packet-parse.c (revision 608)
@@ -1239,4 +1239,7 @@
     unsigned char c[1];
     ops_parser_content_t content;
+
+    // clear signature
+    memset(&C.signature,'\0',sizeof C.signature);
 
     C.signature.info.version=OPS_V3;
Index: openpgpsdk/trunk/src/lib/validate.c
===================================================================
--- openpgpsdk/trunk/src/lib/validate.c (revision 602)
+++ openpgpsdk/trunk/src/lib/validate.c (revision 608)
@@ -55,14 +55,33 @@
     hash.init(&hash);
     hash.add(&hash,data,len);
-    hash.add(&hash,sig->info.v4_hashed_data,sig->info.v4_hashed_data_length);
-
-    trailer[0]=0x04; // version
-    trailer[1]=0xFF;
-    hashedlen=sig->info.v4_hashed_data_length;
-    trailer[2]=hashedlen >> 24;
-    trailer[3]=hashedlen >> 16;
-    trailer[4]=hashedlen >> 8;
-    trailer[5]=hashedlen;
-    hash.add(&hash,&trailer[0],6);
+    switch (sig->info.version)
+        {
+    case OPS_V3:
+        trailer[0]=sig->info.type;
+        trailer[1]=sig->info.creation_time >> 24;
+        trailer[2]=sig->info.creation_time >> 16;
+        trailer[3]=sig->info.creation_time >> 8;
+        trailer[4]=sig->info.creation_time;
+        hash.add(&hash,&trailer[0],5);
+        break;
+
+    case OPS_V4:
+        hash.add(&hash,sig->info.v4_hashed_data,sig->info.v4_hashed_data_length);
+
+        trailer[0]=0x04; // version
+        trailer[1]=0xFF;
+        hashedlen=sig->info.v4_hashed_data_length;
+        trailer[2]=hashedlen >> 24;
+        trailer[3]=hashedlen >> 16;
+        trailer[4]=hashedlen >> 8;
+        trailer[5]=hashedlen;
+        hash.add(&hash,&trailer[0],6);
+        
+        break;
+
+    default:
+        fprintf(stderr,"Invalid signature version %d\n", sig->info.version);
+        return ops_false;
+        }
 
     n=hash.finish(&hash,hashout);
@@ -221,5 +240,6 @@
 	return OPS_KEEP_MEMORY;
 
-    case OPS_PTAG_CT_SIGNATURE_FOOTER:
+    case OPS_PTAG_CT_SIGNATURE: // V3 sigs
+    case OPS_PTAG_CT_SIGNATURE_FOOTER: // V4 sigs
         /*
         printf("  type=%02x signer_id=",content->signature.type);
@@ -305,6 +325,5 @@
     case OPS_PARSER_PTAG:
     case OPS_PTAG_CT_SIGNATURE_HEADER:
-    case OPS_PTAG_CT_SIGNATURE:
- case OPS_PARSER_PACKET_END:
+    case OPS_PARSER_PACKET_END:
 	break;
 
@@ -366,7 +385,4 @@
 
     case OPS_PTAG_CT_SIGNATURE: // V3 sigs
-        // this gives us a signature struct with all info about hash alg, etc from the packet
-        break;
-
     case OPS_PTAG_CT_SIGNATURE_FOOTER: // V4 sigs
         
@@ -436,11 +452,8 @@
 	    {
         add_sig_to_valid_list(arg->result, &content->signature.info);
-        //	    ++arg->result->valid_count;
 	    }
 	else
 	    {
         OPS_ERROR(errors,OPS_E_V_BAD_SIGNATURE,"Bad Signature");
-        //	    printf(" BAD SIGNATURE\n");
-        //	    ++arg->result->invalid_count;
         add_sig_to_invalid_list(arg->result, &content->signature.info);
 	    }
@@ -454,5 +467,4 @@
  case OPS_PTAG_CT_ONE_PASS_SIGNATURE:
  case OPS_PARSER_PACKET_END:
-        //    case OPS_PTAG_CT_SIGNATURE:
 	break;
 
Index: openpgpsdk/trunk/tests/test_rsa_verify.c
===================================================================
--- openpgpsdk/trunk/tests/test_rsa_verify.c (revision 607)
+++ openpgpsdk/trunk/tests/test_rsa_verify.c (revision 608)
@@ -54,4 +54,5 @@
 
 static char *filename_rsa_v3sig="gpg_rsa_sign_v3sig.txt";
+static char *filename_rsa_v3sig_fail_bad_sig="gpg_rsa_sign_v3sig_fail_bad_sig.txt";
 
 static char *filename_rsa_hash_md5="gpg_rsa_hash_md5.txt";
@@ -111,4 +112,5 @@
 
     create_small_testfile(filename_rsa_v3sig);
+    create_small_testfile(filename_rsa_v3sig_fail_bad_sig);
     create_small_testfile(filename_rsa_hash_md5);
 
@@ -155,4 +157,11 @@
              dir, filename_rsa_v3sig,
              gpgcmd, alpha_name, dir, filename_rsa_v3sig);
+    if (system(cmd))
+        { return 1; }
+
+    // V3 signature to fail
+    snprintf(cmd,sizeof cmd,"cat %s/%s | %s --compress-level 0 --sign --force-v3-sigs --local-user %s > %s/%s.gpg",
+             dir, filename_rsa_v3sig_fail_bad_sig,
+             gpgcmd, alpha_name, dir, filename_rsa_v3sig_fail_bad_sig);
     if (system(cmd))
         { return 1; }
@@ -474,4 +483,12 @@
     }
 
+static void test_rsa_verify_v3sig_fail_bad_sig(void)
+    {
+    int armour=0;
+    assert(pub_keyring.nkeys);
+
+    test_rsa_verify_fail(armour,filename_rsa_v3sig_fail_bad_sig, callback_bad_sig, OPS_E_V_BAD_SIGNATURE);
+    }
+
 static void test_rsa_verify_clearsign_fail_bad_sig(void)
     {
@@ -527,4 +544,7 @@
 	    return NULL;
 
+    if (NULL == CU_add_test(suite, "V3 signature: should fail on bad sig", test_rsa_verify_v3sig_fail_bad_sig))
+	    return NULL;
+
     if (NULL == CU_add_test(suite, "MD5 Hash", test_rsa_verify_hash_md5))
 	    return NULL;