We use Verisign certs for signing and encrypting our email. This year Verisign
changed the algorithm used for their certs from md5RSA to sha1RSA. Now all my
Unix and Mac clients can no longer import their certs because openssl
apparently doesn't understand that algorithm.

This is the result of the following command for an md5RSA cert:

openssl pkcs12 -in certname

Bag Attributes: <Empty Attributes>
subject=/O=The University of Texas System/OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)99/OU=Class 2 CA - OnSite Individual Subscriber/CN=The University of Texas at Dallas CA
issuer=/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network

This is the result of the same command for a sha1RSA cert:

88566:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:1294:
88566:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:380:Type=PKCS12

Is there a roadmap in the development plan for including sha1RSA in the
algorithms that openssl understands?
--
Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org