[openssl-dev] [openssl.org #3665] Bug report and a patch for OpenSSL 1.0.1l (and 1.0.1k)

Stephen Henson via RT rt at openssl.org
Mon Jan 19 14:47:34 UTC 2015


On Mon Jan 19 14:40:32 2015, steve wrote:
>
> The problem is that the two fields containing the signature algorithm
> do not match.
>

The current 'x509' utility can't show this difference (I have an option I'm
testing which will). It is possible to use the cms command diagnostic output
though:

openssl crl2pkcs7 -nocrl -certfile RabbitMQ_Test.pem | openssl cms -cmsout -print -inform PEM

...
signature:
algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
parameter: <ABSENT>
...
sig_alg:
algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
parameter: NULL

[sig_alg is the name of the field used internally by OpenSSL to store the
signatureAlgorithm field]

Whereas another case (e.g. test apps/server.pem) shows:

signature:
algorithm: sha1WithRSAEncryption (1.2.840.113549.1.1.5)
parameter: NULL

sig_alg:
algorithm: sha1WithRSAEncryption (1.2.840.113549.1.1.5)
parameter: NULL

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
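
Added example (not part of the original message and not OpenSSL code): a minimal DER walk that pulls out tbsCertificate.signature and the outer signatureAlgorithm and compares their raw encodings, which is the mismatch shown in the cms output above. The helper names are this example's own, and the sample bytes are a constructed, truncated Certificate skeleton rather than a real certificate.

```python
def der(tag, content):
    """Encode one short-form DER TLV (content under 128 bytes)."""
    return bytes([tag, len(content)]) + content

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) for the TLV starting at off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def children(buf):
    """Return [(tag, raw_tlv)] for the elements inside a constructed TLV."""
    _, off, end = read_tlv(buf, 0)
    out = []
    while off < end:
        tag, _, nxt = read_tlv(buf, off)
        out.append((tag, buf[off:nxt]))
        off = nxt
    return out

def sig_alg_fields(cert_der):
    """Return raw DER of (tbsCertificate.signature, signatureAlgorithm)."""
    tbs, outer_alg = children(cert_der)[:2]
    fields = children(tbs[1])
    skip = 1 if fields[0][0] == 0xA0 else 0  # optional explicit [0] version
    return fields[skip + 1][1], outer_alg[1]  # field after serialNumber

def params(alg_raw):
    """Describe AlgorithmIdentifier parameters the way 'cms -print' does."""
    parts = children(alg_raw)
    if len(parts) == 1:
        return "<ABSENT>"
    return "NULL" if parts[1][1] == b"\x05\x00" else "OTHER"

def skeleton(inner_alg, outer_alg):
    """Constructed sample: version, serial and signature only, dummy BIT STRING."""
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + inner_alg)
    return der(0x30, tbs + outer_alg + der(0x03, b"\x00\x00"))

SHA256_RSA_OID = bytes.fromhex("06092a864886f70d01010b")  # 1.2.840.113549.1.1.11
ALG_ABSENT = der(0x30, SHA256_RSA_OID)                # parameter: <ABSENT>
ALG_NULL = der(0x30, SHA256_RSA_OID + b"\x05\x00")    # parameter: NULL
MISMATCHED = skeleton(ALG_ABSENT, ALG_NULL)           # the case in this report
```

Comparing the two values returned by sig_alg_fields() byte for byte flags the mismatch; params() only labels which side carries the NULL.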


