> From: [email protected] On Behalf Of Tatiana Evers > Sent: Wednesday, 07 December, 2011 08:17
> Is there any function in OpenSSL (library) to get signature > algorithm from a certificate? I need to block MD5 certificates. No; a good deal of the X509_ interface dates back to early days before there was an effort to hide data structures. Just use x509->sig_alg->algorithm and maybe OBJ_obj2nid . Or, you could use FIPS mode (of a FIPS build, but the last validation is a bit out of date now; a new one is in progress but they usually take several months, sometimes many months). FIPS mode restricts algorithms to those approved by NIST, and MD5 is not among them. :-) :-( :-? ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
