[openssl-users] Rejecting SHA-1 certificates

Niklas Keller me at kelunik.com
Mon Jul 10 07:45:35 UTC 2017


I'm currently trying to reject certificate chains which rely on MD5 and
SHA-1 for signatures. I found SSL_get0_verified_chain which could be used
to walk the chain and reject if there's any MD5 / SHA-1 certificate in
there, except for the last one, which is trusted because of the public key
instead of based on the signature, so a weak signature algorithm doesn't
have any impact there.

Unfortunately, SSL_get0_verified_chain is only available in OpenSSL 1.1,
but not in OpenSSL 1.0.1 or 1.0.2, which both have to be supported. With
OpenSSL 1.1, we could also just use "auth_level" and be done.

What's the best way / a working way to reject weak signature schemes in
OpenSSL 1.0.{1,2}?

Regards, Niklas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170710/f0c97b22/attachment.html>

More information about the openssl-users mailing list