On Sat, Jun 18, 2016, Marc Heuse wrote:

> Hi,
>
> I have a problem with porting OpenSSL code from 1.0 to 1.1.
> Please do not complain that it does not look like it makes sense what
> this code does here - complain to Microsoft who implements certs with
> RDP non-standard ...
>

I am curious though as to why you need to do this...

> // OpenSSL 1.0 code, well, really written already when 0.9 was there
>
> nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
> if ((nid == NID_md5WithRSAEncryption) || (nid ==
> NID_shaWithRSAEncryption)) {
>   ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
>   cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
> }
>
>
> // OpenSSL 1.1 code
>
> nid = X509_get_signature_nid(cert);
> if ((nid == NID_md5WithRSAEncryption) || (nid ==
> NID_shaWithRSAEncryption)) {
>   ... how to set the algorithm in the cert to NID_rsaEncryption in
> OpenSSL v1.1.x?
>

Well the start of that isn't equivalent. Anyway here goes.

First you need to get the X509_PUBKEY structure from the certificate
(cert->cert_info->key). You can do this with X509_get_X509_PUBKEY().

Once you have that you can get the algorithm OID and algorithm identifier
(you only need the latter) using X509_PUBKEY_get0_param().

Then you can use X509_ALGOR_get0() to retrieve the ASN1_OBJECT and
X509_ALGOR_set0 to set it if you need to.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org