On 19/01/15 14:47, Stephen Henson via RT wrote: > On Mon Jan 19 14:40:32 2015, steve wrote: >> >> The problem is that the two fields containing the signature algorithm >> do not match. > > The current 'x509' utility can't show this difference (I have an option I'm > testing which will).
Steve, while you're there... I've been caught out a few times in the past because the 'x509' utility displays the "outer" signature algorithm in the place where it should display the "inner" signature algorithm. This is fine when they match, but it's rather unhelpful when they don't match! Please consider this trivial patch. Thanks. diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 89115c7..97abd51 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -168,7 +168,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) if(!(cflag & X509_FLAG_NO_SIGNAME)) { - if(X509_signature_print(bp, x->sig_alg, NULL) <= 0) + if(X509_signature_print(bp, ci->signature, NULL) <= 0) goto err; #if 0 if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev