I just got the OpenSSL ocsp tool option -rmd for specifying the digest algorithm in signature.
This option is described at the below page, https://www.openssl.org/docs/manmaster/man1/openssl-ocsp.html Just out of curiosity, why isn't it at the following man page? https://www.openssl.org/docs/man1.1.1/man1/ocsp.html Though this option is supported by 1.1.1 series. On Mon, Jul 6, 2020 at 6:15 AM John Jiang <john.sha.ji...@gmail.com> wrote: > I just want to know how does OpenSSL implement RFC 6960 section 4.4.7.2 > Responder Signature Algorithm Selection. > > Could I take a OpenSSL responder to use SHA1withRSA signature algorithm > if the certificate is signed by this algorithm? > > [1] https://tools.ietf.org/html/rfc6960#section-4.4.7.2 > > On Sat, Jul 4, 2020 at 12:18 AM John Jiang <john.sha.ji...@gmail.com> > wrote: > >> Hi, >> I'm using OpenSSL 1.1.1. >> >> Can I configure the OCSP response signature algorithm? >> For a RSA issuer, it looks SHA256withRSA always be selected. >> >> PreferredSignatureAlgorithms extension in OCSP request may affect this >> algorithm in OpenSSL OCSP response. However, I prefer to use configuration. >> >> Thanks! >> >
