certinfo: b0rked pubkey/signature algorithm with openssl>=1.0.2 #3706

Closed
m6w6 opened this issue Mar 26, 2019 · 5 comments

Comments

@m6w6
Contributor

commented Mar 26, 2019

I did this

Retrieved CURLINFO_CERTINFO

I expected the following

Sane Public Key/Signature Algorithm entries.

Got instead

==========
Public Key Algorithm:    Signature Algorithm: sha256WithRSAEncryption
sha256WithRSAEncryption
==========

curl/libcurl version

master + openssl 1.1.1b

operating system

Linux

Testcase

https://gist.github.com/m6w6/7acc0943b024eee3bdc60df70d1f8e3e

@bagder bagder added the SSL/TLS label Mar 26, 2019

@bagder

Member

commented Mar 26, 2019

Ugh. That's one of the dark magic parts of the OpenSSL APIs that I really don't understand much. But yeah, I can confirm that running your test code with openssl 1.0.2 returns a different output than with an openssl 1.1.1 build for me as well. 😕

@m6w6

Contributor Author

commented Mar 26, 2019

Yeah, I tried to fix it, but that openssl API is, well, ugh

@bagder bagder added the libcurl API label Apr 13, 2019

@bagder bagder added the help wanted label Jun 10, 2019

ngg added a commit to tresorit/curl that referenced this issue Jun 16, 2019

openssl: fix pubkey/signature algorithm detection in certinfo
Certinfo gives the same result for all OpenSSL versions.
Also made printing RSA pubkeys consistent with older versions.

Fixes curl#3706

@bagder

Member

commented Jun 17, 2019

@m6w6 can you confirm if #4030 fixes your case?

@m6w6

Contributor Author

commented Jun 18, 2019

> @m6w6 can you confirm if #4030 fixes your case?

Yes, it does!

@m6w6

Contributor Author

commented Jun 18, 2019

Sorry, posted the output (now as expected) over at #4030

==========
Signature Algorithm:sha256WithRSAEncryption
==========
==========
Public Key Algorithm:id-ecPublicKey
==========
==========
Signature Algorithm:sha256WithRSAEncryption
==========
==========
Public Key Algorithm:rsaEncryption
==========

@bagder bagder closed this in 6c2b7d4 Jun 18, 2019
