[openssl-users] Why openssl 1.0.1p accepts composite $q$ in DSA?
Georgi Guninski
guninski at guninski.com
Wed Sep 9 12:02:36 UTC 2015
On Wed, Sep 09, 2015 at 11:55:36AM +0000, Viktor Dukhovni wrote:
>
> The expected time for this sort of check is when CAs sign certificates,
> not when TLS handshake participants validate the certificates of
> their peers (issued by trusted issuers, or else why bother).
>
Are you saying I can't sign the cert with another cert
(the pubkey is easy to extract from the cert) with openssl?
More information about the openssl-users
mailing list