Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

certinfo: b0rked pubkey/signature algorithm with openssl>=1.0.2 #3706

Closed
m6w6 opened this issue Mar 26, 2019 · 5 comments

Comments

@m6w6
Copy link
Contributor

@m6w6 m6w6 commented Mar 26, 2019

I did this

Retrieved CURLINFO_CERTINFO

I expected the following

Sane Public Key/Signature Algorithm entries.

Got instead

==========
Public Key Algorithm:    Signature Algorithm: sha256WithRSAEncryption
sha256WithRSAEncryption
==========

curl/libcurl version

master + openssl 1.1.1b

operating system

Linux

Testcase

https://gist.github.com/m6w6/7acc0943b024eee3bdc60df70d1f8e3e

@bagder bagder added the SSL/TLS label Mar 26, 2019
@bagder

This comment has been minimized.

Copy link
Member

@bagder bagder commented Mar 26, 2019

Ugh. That's one of the dark magic parts of the OpenSSL APIs that I really don't understand much. But yeah, I can confirm that running your test code with openssl 1.0.2 returns a different output than with an openssl 1.1.1 build for me as well. 😕

@m6w6

This comment has been minimized.

Copy link
Contributor Author

@m6w6 m6w6 commented Mar 26, 2019

Yeah, I tried to fix it, but that openssl API is, well, ugh

@bagder bagder added the libcurl API label Apr 13, 2019
@bagder bagder added the help wanted label Jun 10, 2019
ngg added a commit to tresorit/curl that referenced this issue Jun 16, 2019
Certinfo gives the same result for all OpenSSL versions.
Also made printing RSA pubkeys consistent with older versions.

Fixes curl#3706
ngg added a commit to tresorit/curl that referenced this issue Jun 16, 2019
Certinfo gives the same result for all OpenSSL versions.
Also made printing RSA pubkeys consistent with older versions.

Fixes curl#3706
@bagder

This comment has been minimized.

Copy link
Member

@bagder bagder commented Jun 17, 2019

@m6w6 can you confirm if #4030 fixes your case?

@m6w6

This comment has been minimized.

Copy link
Contributor Author

@m6w6 m6w6 commented Jun 18, 2019

@m6w6 can you confirm if #4030 fixes your case?

Yes, it does!

@m6w6

This comment has been minimized.

Copy link
Contributor Author

@m6w6 m6w6 commented Jun 18, 2019

Sorry, posted the output (now as expected) over at #4030

==========
Signature Algorithm:sha256WithRSAEncryption
==========
==========
Public Key Algorithm:id-ecPublicKey
==========
==========
Signature Algorithm:sha256WithRSAEncryption
==========
==========
Public Key Algorithm:rsaEncryption
==========
@bagder bagder closed this in 6c2b7d4 Jun 18, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Sep 16, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
2 participants
You can’t perform that action at this time.