[EMAIL PROTECTED] - Sat Feb 19 17:01:21 2005]:

> "Stephen Henson via RT" <[EMAIL PROTECTED]> writes:
>
> >> Is there a good (suggested) workaround for the older version that
> >> doesn't have this fix? Can I, perhaps, define a new hash-type that
> >> defines itself as sha1WithRSAEncryption? Or do you think that would
> >> cause problems?
> >>
> >
> > Well replacing pk7_doit.c with the latest version would be one fix. If
> > you need an application level fix you could always look for
> > sha1WithRSAEncryption in the PKCS7 structure and change it to SHA1.
>
> Hmm, okay.. Let me rephrase -- is there an application-level fix that
> I can put into place while still using the "vendor-supplied" openssl
> library? I wouldn't think that an application could supply its own
> version of pk7_doit.c and get the system libssl to see it?
>
That is what my second suggestion was: after the PKCS7 structure has
been read in, but before passing to PKCS7_verify() change any digest
OIDs that are sha1WithRSAEncryption to SHA1.

>
> In the meantime I'm also looking at the other side to see if I can
> convince windows to generate pkcs7 with sha1, or some way to change
> that.
>

That's certainly possible: OE and some programs I've seen readily
produce the correct form.

Steve.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
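One way to apply the workaround described above without replacing the library, as an added example that is not from this thread or from OpenSSL: it makes the same OID change on the DER bytes before they are parsed, rather than on the parsed PKCS7 structure. It rewrites only SignedData.digestAlgorithms and each SignerInfo.digestAlgorithm, because an embedded certificate's signature algorithm can legitimately be sha1WithRSAEncryption and must stay byte-identical. All function names are illustrative, and definite-length DER input is assumed.

```python
# Added example (not OpenSSL code): assumes definite-length DER, single-byte tags.
SHA1_RSA = bytes.fromhex("06092a864886f70d010105")     # sha1WithRSAEncryption OID
SHA1 = bytes.fromhex("06052b0e03021a")                 # sha1 OID
SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")  # pkcs7-signedData OID

def tlvs(buf):
    """Split the contents of a constructed value into (tag, value) pairs."""
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n == 0x80:
            raise ValueError("indefinite length (BER) is not handled")
        if n > 0x80:  # long form: low 7 bits count the length bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def enc(tag, value):
    n = len(value)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size  # minimal length
    return bytes([tag]) + head + value

def join(items):
    return b"".join(enc(t, v) for t, v in items)

def fix_alg(item):
    """AlgorithmIdentifier: swap a sha1WithRSAEncryption OID for sha1, keep parameters."""
    tag, v = item
    return (tag, SHA1 + v[len(SHA1_RSA):]) if v.startswith(SHA1_RSA) else item

def fix_pkcs7(der):
    """Rewrite digestAlgorithms and each SignerInfo.digestAlgorithm, nothing else."""
    [(outer, content)] = tlvs(der)                 # ContentInfo
    ctype, wrapper = tlvs(content)                 # contentType, [0] EXPLICIT content
    if enc(*ctype) != SIGNED_DATA:
        raise ValueError("not PKCS#7 signedData")
    [(sd_tag, sd)] = tlvs(wrapper[1])
    fields = tlvs(sd)           # version, digestAlgorithms, ..., signerInfos (last)
    fields[1] = (fields[1][0], join(map(fix_alg, tlvs(fields[1][1]))))
    signers = []
    for tag, si in tlvs(fields[-1][1]):
        parts = tlvs(si)        # version, issuerAndSerialNumber, digestAlgorithm, ...
        parts[2] = fix_alg(parts[2])
        signers.append((tag, join(parts)))
    fields[-1] = (fields[-1][0], join(signers))
    return enc(outer, join([ctype, (wrapper[0], enc(sd_tag, join(fields)))]))
```

Pass the output of `fix_pkcs7()` to the library's PKCS7 parser in place of the original bytes; input that is BER with indefinite lengths is rejected with `ValueError` rather than guessed at.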