[gnutls-help] Support for signature algorithm (sha1WithRSA)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Oct 25 20:09:48 CEST 2013

On 10/25/2013 10:43 AM, Tobias Gruetzmacher wrote:

> while working with a self-signed certificate I got from a client, I
> noticed, certtool will spit out:
>     Signature Algorithm: unknown
> warning: signed using a broken signature algorithm that can be forged.
> while OpenSSL detects this correctly as:
>     Signature Algorithm: sha1WithRSA

that's odd.  SHA1 with RSA would normally be: 1.2.840.113549.1.1.5

> When I activate debugging I get this additional message:
> |<2>| Unknown SIGN OID: ''

how was this generated?


and follow-on remarks suggest that this is a duplicate of the PKCS#1 OID
definitions.  I think that libNSS interprets this as a synonym.  maybe
gnutls should do the same?
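
An added example (not part of the original message, and not GnuTLS or certtool code): a small DER OBJECT IDENTIFIER decoder that names a signature algorithm OID and, when the OID is not in its table, reports the dotted OID rather than a bare "unknown". The function names, the one-entry table and the 2.999.1 sample bytes are assumptions constructed for illustration.

```python
# Added illustration; names here are hypothetical, not GnuTLS identifiers.
SHA1_WITH_RSA = "1.2.840.113549.1.1.5"  # PKCS#1 OID quoted in the message

# A synonym OID would be one more key mapping to the same name.
KNOWN_SIGN_OIDS = {SHA1_WITH_RSA: "sha1WithRSAEncryption"}

def decode_oid(der: bytes) -> str:
    """Decode a DER OBJECT IDENTIFIER (tag 0x06, short-form length)."""
    if len(der) < 3 or der[0] != 0x06:
        raise ValueError("not a DER OBJECT IDENTIFIER")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("unsupported or inconsistent length")
    body = der[2:]
    if body[-1] & 0x80:
        raise ValueError("truncated base-128 subidentifier")
    subids, value, at_start = [], 0, True
    for b in body:
        if at_start and b == 0x80:
            raise ValueError("non-minimal subidentifier encoding")
        value = (value << 7) | (b & 0x7F)
        at_start = False
        if not b & 0x80:          # high bit clear: last byte of this arc
            subids.append(value)
            value, at_start = 0, True
    first = subids[0]             # first two arcs share one subidentifier
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in arcs + subids[1:])

def sign_algorithm_name(der: bytes) -> str:
    """Return the algorithm name, or 'unknown (<dotted OID>)' for triage."""
    oid = decode_oid(der)
    return KNOWN_SIGN_OIDS.get(oid, f"unknown ({oid})")

# Constructed sample inputs (not taken from the certificate in this thread).
PKCS1_SHA1_RSA_DER = bytes.fromhex("06092a864886f70d010105")
EXAMPLE_ARC_DER = bytes.fromhex("0603883701")  # 2.999.1, the example arc

if __name__ == "__main__":
    print(sign_algorithm_name(PKCS1_SHA1_RSA_DER))
    print(sign_algorithm_name(EXAMPLE_ARC_DER))
```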

