Re: OCSP response signature algorithm

2020-07-09 Thread John Jiang 
I just got the OpenSSL ocsp tool option -rmd for specifying the digest
algorithm in signature.

This option is described at the below page,
https://www.openssl.org/docs/manmaster/man1/openssl-ocsp.html

Just out of curiosity, why isn't it at the following man page?
https://www.openssl.org/docs/man1.1.1/man1/ocsp.html
Though this option is supported by 1.1.1 series.

On Mon, Jul 6, 2020 at 6:15 AM John Jiang  wrote:

> I just want to know how does OpenSSL implement RFC 6960 section 4.4.7.2
> Responder Signature Algorithm Selection.
>
> Could I take a OpenSSL responder to use SHA1withRSA signature algorithm
> if the certificate is signed by this algorithm?
>
> [1] https://tools.ietf.org/html/rfc6960#section-4.4.7.2
>
> On Sat, Jul 4, 2020 at 12:18 AM John Jiang 
> wrote:
>
>> Hi,
>> I'm using OpenSSL 1.1.1.
>>
>> Can I configure the OCSP response signature algorithm?
>> For a RSA issuer, it looks SHA256withRSA always be selected.
>>
>> PreferredSignatureAlgorithms extension in OCSP request may affect this
>> algorithm in OpenSSL OCSP response. However, I prefer to use configuration.
>>
>> Thanks!
>>
>

Re: OCSP response signature algorithm

2020-07-05 Thread John Jiang 
I just want to know how does OpenSSL implement RFC 6960 section 4.4.7.2
Responder Signature Algorithm Selection.

Could I take a OpenSSL responder to use SHA1withRSA signature algorithm
if the certificate is signed by this algorithm?

[1] https://tools.ietf.org/html/rfc6960#section-4.4.7.2

On Sat, Jul 4, 2020 at 12:18 AM John Jiang  wrote:

> Hi,
> I'm using OpenSSL 1.1.1.
>
> Can I configure the OCSP response signature algorithm?
> For a RSA issuer, it looks SHA256withRSA always be selected.
>
> PreferredSignatureAlgorithms extension in OCSP request may affect this
> algorithm in OpenSSL OCSP response. However, I prefer to use configuration.
>
> Thanks!
>

RE: OCSP response signature algorithm

2020-07-03 Thread paul h. roubekas 
unsubscribe openssl-users

 

 

From: openssl-users  On Behalf Of John Jiang
Sent: Friday, July 3, 2020 12:19 PM
To: openssl-users 
Subject: OCSP response signature algorithm

 

Hi,

I'm using OpenSSL 1.1.1.

 

Can I configure the OCSP response signature algorithm?

For a RSA issuer, it looks SHA256withRSA always be selected.

 

PreferredSignatureAlgorithms extension in OCSP request may affect this 
algorithm in OpenSSL OCSP response. However, I prefer to use configuration.

 

Thanks!

OCSP response signature algorithm

2020-07-03 Thread John Jiang 
Hi,
I'm using OpenSSL 1.1.1.

Can I configure the OCSP response signature algorithm?
For a RSA issuer, it looks SHA256withRSA always be selected.

PreferredSignatureAlgorithms extension in OCSP request may affect this
algorithm in OpenSSL OCSP response. However, I prefer to use configuration.

Thanks!