[EMAIL PROTECTED] - Sat Feb 19 17:01:21 2005]:

> Stephen Henson via RT [EMAIL PROTECTED] writes:
>
> >> Is there a good (suggested) workaround for the older version that
> >> doesn't have this fix? Can I, perhaps, define a new hash-type that
> >> defines itself as sha1WithRSAEncryption? Or do you think that would
> >> cause problems?
> >
> > Well replacing pk7_doit.c with the latest version would be one fix. If
> > you need an application level fix you could always look for
> > sha1WithRSAEncryption in the PKCS7 structure and change it to SHA1.
>
> Hmm, okay.. Let me rephrase -- is there an application-level fix that
> I can put into place while still using the vendor-supplied openssl
> library? I wouldn't think that an application could supply its own
> version of pk7_doit.c and get the system libssl to see it?

That is what my second suggestion was: after the PKCS7 structure has
been read in, but before passing to PKCS7_verify() change any digest
OIDs that are sha1WithRSAEncryption to SHA1.

> In the meantime I'm also looking at the other side to see if I can
> convince windows to generate pkcs7 with sha1, or some way to change
> that.

That's certainly possible: OE and some programs I've seen readily
produce the correct form.

Steve.
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]