Feature Request: Enable "Legacy" Providers for "Old Environments" #383
I can imagine a lot of devices are not able to import new-style PKCS#12 files and I would like to see an option to export in legacy format using XCA actually. Background story: I hit this after OpenSSL upgrade to 3.0.x in a different way. Exported .p12/.pfx files in XCA cannot be imported on Android devices (including latest Android 13) and would give a cryptic "Password incorrect" error while it actually fails to decrypt the new scheme due to lack of support for it. See StackOverflow Q&A: Installing pcks12 certificate in android "wrong password" bug
Fixed with 9b749d7
This ancient, insecure algorithm is apparently still required by some systems.
Show the insecure algorithms with the postfix (insecure) in the dropdown menu. Since the "insecure" is translatable, put the algorithm NID into the data field of the combo-box entry to reliably find the correct entry by NID instead of text.
With OpenSSL 3.0, a number of older algorithms for signatures or crypto on things like P12 files are disabled outright due to SSL security settings changes. This makes importing things a little problematic for things à la P12 importing or certificate importing.
Because of this still being a case with pfSense due to PHP stupidity that Sense is working on, certificates are exported in a way that modern OpenSSL and integrations won't work with, unless we programmatically permit the "Legacy" provider to be available to XCA for the import. This would allow 'older' cert packages to still be imported and used.
While we should not permit exporting on these old legacy things, we should still permit "import" for modernization, etc., especially for privkeys.
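To tell which side of this problem a given .p12 falls on before blaming the password, the following added example (not XCA code and not part of the thread) walks the DER structure and reports the password-based encryption schemes the file declares. The function names and the two sample blobs are constructed for illustration; it assumes definite-length DER and relies on RC2 and RC4 living in OpenSSL 3's legacy provider, while 3DES and PBES2 are handled by the default one.

```python
PBE_OIDS = {  # OID content bytes (hex) -> (name, cipher needs OpenSSL 3 "legacy" provider)
    "2a864886f70d010c0102": ("pbeWithSHAAnd40BitRC4", True),            # 1.2.840.113549.1.12.1.2
    "2a864886f70d010c0103": ("pbeWithSHAAnd3-KeyTripleDES-CBC", False),  # 1.2.840.113549.1.12.1.3
    "2a864886f70d010c0105": ("pbeWithSHAAnd128BitRC2-CBC", True),       # 1.2.840.113549.1.12.1.5
    "2a864886f70d010c0106": ("pbeWithSHAAnd40BitRC2-CBC", True),        # 1.2.840.113549.1.12.1.6
    "2a864886f70d01050d": ("PBES2", False),                             # 1.2.840.113549.1.5.13
}

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the DER element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length (BER) is not handled here")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, pos, pos + length

def collect_oids(buf):
    """Hex of every OBJECT IDENTIFIER, descending into OCTET STRINGs that wrap DER."""
    oids, pos = [], 0
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        if tag == 0x06:
            oids.append(buf[start:end].hex())
        elif tag & 0x20 or tag == 0x04:  # constructed, or OCTET STRING
            try:
                oids += collect_oids(buf[start:end])
            except ValueError:
                if tag != 0x04:  # only opaque OCTET STRINGs (salt, ciphertext) may fail
                    raise
        pos = end
    return oids

def pbe_schemes(der):
    return [PBE_OIDS[o] for o in dict.fromkeys(collect_oids(der)) if o in PBE_OIDS]

# Constructed samples: simplified AlgorithmIdentifier nesting, not real key stores.
def _tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length is enough here
def _alg(oid_hex):
    params = _tlv(0x30, _tlv(0x04, b"\x01" * 8) + _tlv(0x02, b"\x08\x00"))
    return _tlv(0x30, _tlv(0x06, bytes.fromhex(oid_hex)) + params)
LEGACY_SAMPLE = _tlv(0x30, _alg("2a864886f70d010c0106") + _tlv(0x04, _alg("2a864886f70d010c0103")))
MODERN_SAMPLE = _tlv(0x30, _alg("2a864886f70d01050d"))
```

For a real file, pass the raw bytes: `pbe_schemes(open(path, "rb").read())`; any entry flagged `True` means an OpenSSL 3 based importer needs the legacy provider loaded to read it.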