Morning,

I'm currently trying to reject certificate chains which rely on MD5 and
SHA-1 for signatures. I found SSL_get0_verified_chain which could be used
to walk the chain and reject if there's any MD5 / SHA-1 certificate in
there, except for the last one, which is trusted because of the public key
instead of based on the signature, so a weak signature algorithm doesn't
have any impact there.

Unfortunately, SSL_get0_verified_chain is only available in OpenSSL 1.1,
but not in OpenSSL 1.0.1 or 1.0.2, which both have to be supported. With
OpenSSL 1.1, we could also just use "auth_level" and be done.

What's the best way / a working way to reject weak signature schemes in
OpenSSL 1.0.{1,2}?

Regards, Niklas
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to