Hello, I think the person I spoke with might have thought about another set of signatures for an in-house identity provider. If that is the case then those signatures were probably generated by OpenSSL 1.0.2 and are OK. I heard from another person today that the bad files were produced by the other primary identity provider we use, so we must support the existing format. Now I really do not see any other solution but to either downgrade or fork OpenSSL.
On Wed, Apr 3, 2019 at 9:59 AM Matt Caswell <m...@openssl.org> wrote: > > > On 02/04/2019 17:34, Steffen wrote: > > Hello, > > > >> What had produced the signatures? > > > > I received word from my end that the signatures may have been produced by > > OpenSSL 1.0.2 (no idea which letter release) in the Cygwin environment > but I > > cannot confirm this. > > > > If that's the case, I'd really like to know what specific version and how > the > signatures were generated (although it seems a little surprising if 1.0.2 > is > creating these incorrect signatures that no-one else has encountered this, > since > the commit in question went in over 2.5 years ago). > > Matt >