On 18/06/2016 18:02, Marc Heuse wrote:
> Hi,
>
> I have a problem with porting OpenSSL code from 1.0 to 1.1.
> Please do not complain that it does not look like it make sense what
> this code does here - complain to Microsoft who implements certs with
> RDP non-standard ...
>
> The goal of the following code is to change the ASN.1 value of the
> signature algorithm in a certificate.
>
> // OpenSSL 1.0 code, well, really written already when 0.9 was there
>
> nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
> if ((nid == NID_md5WithRSAEncryption) || (nid ==
> NID_shaWithRSAEncryption)) {
> ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
> cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
> }
>
>
> // OpenSSL 1.1 code
>
> nid = X509_get_signature_nid(cert);
> if ((nid == NID_md5WithRSAEncryption) || (nid ==
> NID_shaWithRSAEncryption)) {
> ... how to set the algorithm in the cert to NID_rsaEncryption in
> OpenSSL v1.1.x?
>
>
> Any help how to implement this with the new 1.1 functions is highly
> appreciated :)
>
Strangely, when I look at certificates generated by the "openssl ca"
utility, they already say "Public Key Algorithm: rsaEncryption",
where did you get certificates that specified "md5WithRSAEncryption"
or "shaWithRsaEncryption" as the subject public key algorithm?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160621/a16dbe0c/attachment.html>
