"Stephen Henson via RT" writes:

> What version of OpenSSL are you using? Since OpenSSL 0.9.7c and later
> this is present:

Hmm, I'm using what Red Hat ships, which I guess is 0.9.7a + a bunch
of patches. So I guess this means I need to push back at Red Hat.
That's unfortunate, as Red Hat is _STILL_ shipping 0.9.7a + patches
even in Fedora Core 3 and the yet-to-be-released RHEL4. I guess it's
time to talk to them, too.

>     if (EVP_MD_CTX_type(mdc) == md_type)
>         break;
>     /* Workaround for some broken clients that put the signature
>      * OID instead of the digest OID in digest_alg->algorithm
>      */
>     if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
>         break;
>     btmp=BIO_next(btmp);
>
> so the case you are referring to should be handled. If for some reason
> you are using a newer version of OpenSSL and still see this issue please
> send me the PKCS#7 structure OpenSSL doesn't like and I'll analyse it.

Is there a good (suggested) workaround for the older version that
doesn't have this fix? Can I, perhaps, define a new hash-type that
defines itself as sha1WithRSAEncryption? Or do you think that would
cause problems?


> Steve.


Derek Atkins 617-623-3745
Computer and Internet Security Consultant
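
The two checks in the quoted snippet, as an added stand-alone example (not code from this thread or from OpenSSL): it parses the OID found in digest_alg->algorithm and selects a digest either strictly or with the signature-OID workaround. The names alg_pair, PAIRS and select_digest and the tolerant flag are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not OpenSSL code: OID content octets for each digest
 * and for the RSA signature algorithm that uses it. */
typedef struct {
    const char *name;
    unsigned char digest_oid[9]; size_t digest_len;
    unsigned char sig_oid[9];    size_t sig_len;
} alg_pair;

static const alg_pair PAIRS[] = {
    { "sha1", {0x2B,0x0E,0x03,0x02,0x1A}, 5,                 /* 1.3.14.3.2.26 */
              {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05}, 9 },
    { "md5",  {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05}, 8,  /* 1.2.840.113549.2.5 */
              {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04}, 9 },
};

/* der: a DER OBJECT IDENTIFIER (tag, length, content) as a signer put it in
 * digest_alg->algorithm. Returns the index into PAIRS of the digest to verify
 * with, or -1. tolerant=0 models a verifier without the second check. */
int select_digest(const unsigned char *der, size_t der_len, int tolerant)
{
    size_t i, len;
    if (der_len < 2 || der[0] != 0x06 || der[1] >= 0x80)
        return -1;                       /* not a short-form OID TLV */
    len = der[1];
    if (len != der_len - 2)
        return -1;                       /* truncated or trailing bytes */
    for (i = 0; i < sizeof PAIRS / sizeof PAIRS[0]; i++) {
        const alg_pair *p = &PAIRS[i];
        if (len == p->digest_len && memcmp(der + 2, p->digest_oid, len) == 0)
            return (int)i;               /* first check: the digest OID */
        if (tolerant && len == p->sig_len && memcmp(der + 2, p->sig_oid, len) == 0)
            return (int)i;               /* second check: the signature OID */
    }
    return -1;
}

int main(void)
{
    /* Constructed input: sha1WithRSAEncryption where the sha1 OID belongs. */
    const unsigned char broken[] =
        {0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05};
    int strict = select_digest(broken, sizeof broken, 0);
    int tol = select_digest(broken, sizeof broken, 1);
    printf("strict: %d, tolerant: %s\n", strict, tol >= 0 ? PAIRS[tol].name : "none");
    return 0;
}
```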
