[gnutls-help] Suport for signature algorithm (sha1WithRSA)

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Oct 25 20:07:09 CEST 2013

On 10/25/2013 04:43 PM, Tobias Gruetzmacher wrote:
> Hi,
> while working with a self-signed certificate I got from a client, I
> noticed, certtool will spit out:
>     Signature Algorithm: unknown
> warning: signed using a broken signature algorithm that can be forged.
> while OpenSSL detects this correctly as:
>     Signature Algorithm: sha1WithRSA
> When I activate debugging I get this additional message:
> |<2>| Unknown SIGN OID: ''
> Would it be possible for GnuTLS to detect this correctly?

Interesting. The usual OID to use in a certificate is
However, we have already some fallback when some strange OIDs are
encountered. I'll also add your OID to the list. Could you send me the
certificate to test it is recognized?


More information about the Gnutls-help mailing list