[derek@ihtfp.com - Fri Feb 18 22:57:50 2005]:

> Stephen,
>
> "Stephen Henson via RT" writes:
>
> > if (EVP_MD_CTX_type(mdc) == md_type)
> > break;
> > /* Workaround for some broken clients that put the signature
> > * OID instead of the digest OID in digest_alg->algorithm
> > */
> > if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
> > break;
> > btmp=BIO_next(btmp);
> >
> >
> > so the case you are referring to should be handled. If for some reason
> > you are using a newer version of OpenSSL and still see this issue please
> > send me the PKCS#7 structure OpenSSL doesn't like and I'll analyse it.

>
> Is there a good (suggested) workaround for the older version that
> doesn't have this fix? Can I, perhaps, define a new hash-type that
> defines itself as sha1WithRSAEncryption? Or do you think that would
> cause problems?
>


Well replacing pk7_doit.c with the latest version would be one fix. If
you need an application level fix you could always look for
sha1WithRSAEncryption in the PKCS7 structure and change it to SHA1.

Steve.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org