diff --git a/peyotls.cabal b/peyotls.cabal
--- a/peyotls.cabal
+++ b/peyotls.cabal
@@ -2,7 +2,7 @@
 cabal-version:	>= 1.8
 
 name:		peyotls
-version:	0.0.0.4
+version:	0.0.0.5
 stability:	Experimental
 author:		Yoshikuni Jujo <PAF01143@nifty.ne.jp>
 maintainer:	Yoshikuni Jujo <PAF01143@nifty.ne.jp>
@@ -272,7 +272,7 @@
 source-repository	this
     type:	git
     location:	git://github.com/YoshikuniJujo/peyotls.git
-    tag:	peyotls-0.0.0.4
+    tag:	peyotls-0.0.0.5
 
 library
     hs-source-dirs:	src
diff --git a/src/Network/PeyoTLS/HandshakeBase.hs b/src/Network/PeyoTLS/HandshakeBase.hs
--- a/src/Network/PeyoTLS/HandshakeBase.hs
+++ b/src/Network/PeyoTLS/HandshakeBase.hs
@@ -166,7 +166,8 @@
 			ASN1.OctetString h, ASN1.End ASN1.Sequence]
 		b = ASN1.encodeASN1' ASN1.DER a
 		pd = BS.concat [ "\x00\x01",
-			BS.replicate (125 - BS.length b) 0xff, "\NUL", b ] in
+			BS.replicate (ps - 3 - BS.length b) 0xff, "\NUL", b ]
+		ps = RSA.public_size $ RSA.private_pub sk in
 		RSA.dp (Just bl) sk pd
 	signatureAlgorithm _ = Rsa
 
diff --git a/src/Network/PeyoTLS/HandshakeMonad.hs b/src/Network/PeyoTLS/HandshakeMonad.hs
--- a/src/Network/PeyoTLS/HandshakeMonad.hs
+++ b/src/Network/PeyoTLS/HandshakeMonad.hs
@@ -65,8 +65,8 @@
 instance ValidateHandle Handle where
 	validate _ cs (X509.CertificateChain cc) =
 		X509.validate X509.HashSHA256 X509.defaultHooks
-			validationChecks cs validationCache ("", "") .
-				X509.CertificateChain $ reverse cc
+			validationChecks cs validationCache ("", "") $
+				X509.CertificateChain cc -- $ reverse cc
 		where
 		validationCache = X509.ValidationCache
 			(\_ _ _ -> return X509.ValidationCacheUnknown)
diff --git a/src/Network/PeyoTLS/Server.hs b/src/Network/PeyoTLS/Server.hs
--- a/src/Network/PeyoTLS/Server.hs
+++ b/src/Network/PeyoTLS/Server.hs
@@ -10,7 +10,7 @@
 	ValidateHandle(..), CertSecretKey ) where
 
 import Control.Monad (unless, liftM, ap)
-import "monads-tf" Control.Monad.Error (catchError)
+import "monads-tf" Control.Monad.Error (catchError, lift)
 import qualified "monads-tf" Control.Monad.Error as E (throwError)
 import "monads-tf" Control.Monad.Error.Class (strMsg)
 import Data.List (find)
@@ -19,6 +19,7 @@
 import "crypto-random" Crypto.Random (CPRG)
 
 import qualified Data.ByteString as BS
+import qualified Data.ByteString.Char8 as BSC
 import qualified Data.X509 as X509
 import qualified Data.X509.Validation as X509
 import qualified Data.X509.CertificateStore as X509
@@ -86,6 +87,8 @@
 		AES_128_CBC_SHA256 -> return Sha256
 		_ -> E.throwError
 			"TlsServer.open: not implemented bulk encryption type"
+	lift . lift . lift . hlDebug h "critical" . BSC.pack . (++ "\n") . show .
+		RSA.public_size $ RSA.private_pub rsk
 	mpk <- (\kep -> kep (cr, sr) mcs) $ case ke of
 		RSA -> rsaKeyExchange rsk cv
 		DHE_RSA -> dhKeyExchange ha dh3072Modp rsk
