Am Sat, 19 Sep 2015 23:09:16 +0200 schrieb Jakob Bohm <jb-openssl at wisemo.com>: > 1. The error should not call this "plain", this would lead > to the same misunderstanding I had earlier. Right. I'm not an advanced english speaker, I shouldn't name it at all. ;-) Btw. In the meantime I think my last suggestion for a patch is poor. Still handling this kind of signatures as an error would fail/stop the whole verification process and if this happens with some intermediate certificate, then the application cannot turn this into a successful verification (AFAIK). I haven't found a way to make it configurable, yet. That is to not change OpenSSLs default behaviour but have an option to let it accept those kind of signatures. > 3. It would be really nice if someone in the know would > explain under which conditions this alternative signature > algorithm is used and/or necessary. Yes. I've found only a single time stamping service so far. Regards Michael
