Thanks Dave. It worked fine :) Did you know how I get the digest algorithm for X.509 certificates. I saw something about OID, but I didn't find the list of valid OID and the corresponding algorithms.
Thanks in advance, Tatiana 2011/12/9 Dave Thompson <[email protected]> > > From: [email protected] On Behalf Of Tatiana Evers > > Sent: Wednesday, 07 December, 2011 08:17 > > > Is there any function in OpenSSL (library) to get signature > > algorithm from a certificate? I need to block MD5 certificates. > > No; a good deal of the X509_ interface dates back to early days > before there was an effort to hide data structures. > Just use x509->sig_alg->algorithm and maybe OBJ_obj2nid . > > Or, you could use FIPS mode (of a FIPS build, but the last > validation is a bit out of date now; a new one is in progress > but they usually take several months, sometimes many months). > FIPS mode restricts algorithms to those approved by NIST, > and MD5 is not among them. :-) :-( :-? > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [email protected] >
