Working around wrong algorithm specification in certificates

Mads Kiilerich mads at
Tue Jul 20 01:14:33 CEST 2010


I am trying to use GnuTLS in an application where I for interoperability 
need to read the public key of x509 certificates.

But gnutls_x509_crt_get_pk_rsa_raw fails - because 
gnutls_x509_crt_get_pk_algorithm returns GNUTLS_PK_UNKNOWN, because the 
public key oid is SIG_RSA_MD5_OID 1.2.840.113549.1.1.4 instead of the 
PK_PKIX1_RSA_OID 1.2.840.113549.1.1.1 it should have been.

Do you have any idea how I can workaround that? In NSS and openssl it is 
possible to patch the parsed cert, but it seems like that isn't possible 
with GnuTLS?

What would be the least ugly hack I can use? To somehow call 
asn1_write_value to set the right OID? Or _gnutls_x509_read_value and 
_gnutls_x509_read_rsa_params ?


More information about the Gnutls-help mailing list