TLS 1.2 with standard signature? Why hash->size == 36??

Simon Josefsson simon at
Thu Oct 8 20:12:56 CEST 2009

Carolin Latze <carolin.latze at> writes:

> Hi Simon,
> I tried to use TLS 1.2 with and without sign callback, and I still see a
> signature of 36 bytes... Even if there is a leading SHA-1 OID, shouldn't
> it be max 35 then?

Hi, and thanks for testing.  Nope, then it doesn't work. :-(

I recall the SHA-1 OID plus the SHA-1 hash is 32 bytes.

I suspect this indicate that signing using _client_ certificates haven't
been made working with TLS 1.2 yet.  I'll try to get an environment up
where I can start debug this better.  It should be possible to get
something working now that both Opera 10 and mikestoolbox.* are
available for testing.

> Maybe we should check, whether I check the right variables:
> In gnutls_sig.c, method _gnutls_tls_sign_hdata, there is a structure
> called dconcat. dconcat.size holds the hash size, right? and
> should hold the hash itself? dconcat.size has a value of 36
> for me...
> If I use the sign callback, I print the value of hash->size (=36) and
> hash->data (cannot see the OID included in that value, so for me it
> looks like it is really not SHA-1 only).
> Maybe I check the wrong values?

No you did right -- if it works, the first few bytes of the data to sign
should be an OID which should be easy to identify.


> BTW: I used the latest Snapshot, 2.9.8 to test it.
> Sorry... :-/
> Carolin
> Simon Josefsson wrote:
>> Carolin Latze <carolin.latze at> writes:
>>> Hi all,
>>> according to RFC 5246, TLS 1.2 should use a standard signature, but if
>>> I enable TLS 1.2 in GnuTLS and print out the hash size it says
>>> 36... that does not sound like a standard signature.. I would expect
>>> something like 20 for SHA1. Am I wrong?
>> Hi!  With GnuTLS 2.9.7 I hope this should work better -- could you take
>> a look?  It should have more solid TLS 1.2 support.
>> Thanks,
>> Simon

More information about the Gnutls-help mailing list