[openssl-users] Trouble porting code to OpenSSL 1.1

Marc Heuse mh at mh-sec.de
Sat Jun 18 16:02:07 UTC 2016


I have a problem with porting OpenSSL code from 1.0 to 1.1.
Please do not complain that it does not look like it makes sense what
this code does here - complain to Microsoft who implements certs with
RDP non-standard ...

The goal of the following code is to change the ASN.1 value of the
signature algorithm in a certificate.

  // OpenSSL 1.0 code, well, really written already when 0.9 was there

  nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
  if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) {
    cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
  }

  // OpenSSL 1.1 code

  nid = X509_get_signature_nid(cert);
  if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) {
    // ... how to set the algorithm in the cert to NID_rsaEncryption in OpenSSL v1.1.x?
  }

Any help how to implement this with the new 1.1 functions is highly
appreciated :)


Marc Heuse

PGP: AF3D 1D4C D810 F0BB 977D  3807 C7EE D0A0 6BE9 F573
