Working around wrong algorithm specification in certificates

Nikos Mavrogiannopoulos nmav at
Tue Jul 20 09:48:12 CEST 2010

On Tue, Jul 20, 2010 at 1:14 AM, Mads Kiilerich <mads at> wrote:
>  Hi
> I am trying to use GnuTLS in an application where I for interoperability
> need to read the public key of x509 certificates.
> But gnutls_x509_crt_get_pk_rsa_raw fails - because
> gnutls_x509_crt_get_pk_algorithm returns GNUTLS_PK_UNKNOWN, because the
> public key oid is SIG_RSA_MD5_OID 1.2.840.113549.1.1.4 instead of the
> PK_PKIX1_RSA_OID 1.2.840.113549.1.1.1 it should have been.
> Do you have any idea how I can workaround that? In NSS and openssl it is
> possible to patch the parsed cert, but it seems like that isn't possible
> with GnuTLS?

Do you want to fix the certificate or just read it? If you want to
read it open gnutls_algorithms.c and add an extra entry to
pk_algorithms structure for RSA with the OID you describe. Then you
should be able to read the key. If you want to "fix" it I think this
is as easy as regenerating it.


More information about the Gnutls-help mailing list