On Fri, Aug 01, 2014, Thomas Herchek wrote: > Hi All, > > We are using cURL and OpenSSL, version 1.0.0.1, in our product and am > getting an error I?m hoping to get help with. > > We have a customer who created a self-signed server cert, on the host server > (net-oh1-ca-03.internal1.com), and then added the public CA to the server > where our software resides (the client machine). When they configure the > URL (https://net-oh1-ca-03.internal1.com) to point to this host server they > get this error: error:0D0C50C7:asn1 encoding > routines:ASN1_item_verify:unknown signature algorithm > > I also tried version 1.0.0.13 but am still getting the same error. Any > ideas on what the issue might be? >
The certificate is signed using the RSA-PSS algorithm and OpenSSL 1.0.0 does not support that algorithm. You need at least 1.0.1. It could be argued that using RSA-PSS with TLS is illegal anyway. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org