Thanks a lot, Dave. So it means that SHA256 is only technically supported from 0.9.7h. If I am using 0.9.7d, it is not included, right?
Best Regards, Aaron -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Wednesday, November 21, 2012 10:01 AM To: openssl-users@openssl.org Subject: RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm > From: owner-openssl-us...@openssl.org On Behalf Of Wu, Hong-Tao > (Aaron, HPSW-R&D-SH) > Sent: Tuesday, 20 November, 2012 10:42 > In our product, we are still using OpenSSL 0.9.7d (on Windows > platform) for certificate validation. Recently we suffered an issue > about certificates based SHA256, and the following error is thrown: > > ldap_bind: Can't contact LDAP server (-1) > additional info: error:0D0890A1:asn1 encoding > routines:ASN1_verify:unknown message digest algorithm > > My question is: > > 1) Does OpenSSL 0.9.7 support SHA256 Digest Algorithm? On one system I still have 0.9.7m which does have SHA-2, with no mention in CHANGES. However, the 0.9.8* CHANGES describe it as added by 0.9.8(original) and not in 0.9.7h. Thus it was apparently backported somewhere >7h <=7m. > 2) If answer is NO for point 1, since which version does OpenSSL > support SHA Digest Algorithm? > (You mean SHA-256, or more broadly SHA-2. SHA-1 has been in OpenSSL much longer, and the algorithm originally released as SHA was defective and withdrawn before use.) Some 0.9.7 and all? 0.9.8 support SHA-2 as pure digests, and signatures using SHA-2 with RSA. Due to API limitation they can't do signatures using SHA-2 with ECDSA, and AIR don't have the DSA sizes for SHA-2 added by FIPS 186-3. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org