Re: [openssl.org #1011] PKCS7 verifier fails to recognize sha1WithRSAEncryption digestAlgorithm
" via RT" <firstname.lastname@example.org> writes:
> there are 2 published standard versions: 1.5 and 1.6
Does OpenSSL Support both of them?
> The "1" shows version 1.5 rules apply
> SET of objects here should be DigestAlgorithmIdentifier
> with DigestAlgorithms "include MD2 and MD5" (clause 6.3).
> For S/MIME (draft-ietf-smime-rfc2633bis-08.txt),
> DigestAlgorithmIdentifier "MUST support SHA-1" (clause 2.1).
> See also draft-ietf-smime-rfc3369bis-02.txt clause 10.1.1.
> For a project implementing SET, I was using SHA-1 here
> and that was specified in SET books.
> For the message attached, SignedData start at offset 63
> and objectID in question at offset 74.
> I'd suggest to double-check exactly what specifications
> the other PKI (creating PKCS7 in question) follows[/color]
It's Windows. It supposedly is trying to support CMS / S/MIME.
Telling me "windows is broken, go fix it" is unfortunately as helpful
as telling me "the sky is blue, go fix it". :(
Windows accepts either "sha1" or "sha1WithRSAEncryption" in this
particular slot; It would be nice if openssl did, too, even if it's
not 100% "to the spec". As Jon Postel always said, "be liberal in
what you accept".
Derek Atkins 617-623-3745
Computer and Internet Security Consultant
OpenSSL Project [url]http://www.openssl.org[/url]
Development Mailing List [email]email@example.com[/email]
Automated List Manager [email]firstname.lastname@example.org[/email]