> From: owner-openssl-us...@openssl.org On Behalf Of Wu, Hong-Tao (Aaron, HPSW-R&D-SH)
> Sent: Tuesday, 20 November, 2012 10:42

> In our product, we are still using OpenSSL 0.9.7d (on Windows 
> platform) for certificate validation. Recently we suffered an 
> issue with certificates based on SHA256, and the following 
> error is thrown:
> 
> ldap_bind: Can't contact LDAP server (-1) 
>        additional info: error:0D0890A1:asn1 encoding 
> routines:ASN1_verify:unknown message digest algorithm 
> 
> My question is:
> 
> 1) Does OpenSSL 0.9.7 support SHA256 Digest Algorithm? 

On one system I still have 0.9.7m which does have SHA-2, 
with no mention in CHANGES. However, the 0.9.8* CHANGES 
describe it as added by 0.9.8(original) and not in 0.9.7h. 
Thus it was apparently backported somewhere >7h <=7m.

> 2) If answer is NO for point 1, since which version does 
> OpenSSL support SHA Digest Algorithm?
> 
(You mean SHA-256, or more broadly SHA-2. SHA-1 has been in 
OpenSSL much longer, and the algorithm originally released 
as SHA was defective and withdrawn before use.)

Some 0.9.7 and all? 0.9.8 support SHA-2 as pure digests, 
and signatures using SHA-2 with RSA. Due to API limitation 
they can't do signatures using SHA-2 with ECDSA, and AIR 
don't have the DSA sizes for SHA-2 added by FIPS 186-3.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
