On Tue, Feb 14, 2012, Roumen Petrov wrote: > Dr. Stephen Henson wrote: > >On Wed, Feb 01, 2012, Roumen Petrov wrote: > [SNIP] > >Looking into this there is a long standing incompatibility between > >various functions that use mdc2 for signatures. Since SSLeay the > >function RSA_sign() using mdc2 as an argument uses a DigestInfo > >structure whereas using EVP ends up with a different octet string > >format signature. It's only when the signature code was revised to > >use RSA_sign more extensively that this is more apparent. How > >widespread is use of mdc2 for signatures and certificates? > mdc2 is not important for certificates as the list of certificates > included in some linux distributions does not include such > certificates. >
Should be fixed now, see: http://cvs.openssl.org/chngview?cn=22124 to make OpenSSL understand both formats when verifying and: http://cvs.openssl.org/chngview?cn=22126 to use the same format as older versions of OpenSSL when creating signatures. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
