You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Create a private key for the server: ./apps/openssl genpkey -algorithm qteslaI -out server.key
Create a key and CSR for the server ./apps/openssl req -new -newkey qteslaI -keyout server.key -out server.csr -nodes -subj "/CN=server" -days 365 -config apps/openssl.cnf
Sign the CSR, create server cert ./apps/openssl x509 -req -in server.csr -out server.crt -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -days 365
The last step however fails with: Signature verification error 140249734448896:error:0D0C50C7:asn1 encoding routines:ASN1_item_verify:unknown signature algorithm:crypto/asn1/a_verify.c:111:
(tested with master branch of liboqs)
The text was updated successfully, but these errors were encountered:
Failing function is ASN1_item_verify in a_verify.c. It fails to locate the OQS alg, because they are not registered in the sigoid_srt array in obj_xref.h, and therefore the OBJ_find_sigid_by_algs function call fails. This is only triggered when dealing with chained cert issuance, a scenario not yet coverered in our unit tests; we'll need to add one.
We should be able to generate a server cert issued by a root CA using these instructions:
./apps/openssl req -x509 -new -newkey qteslaI -keyout rootCA.key -out rootCA.crt -nodes -subj "/CN=rootCA" -days 365 -config apps/openssl.cnf
./apps/openssl genpkey -algorithm qteslaI -out server.key
./apps/openssl req -new -newkey qteslaI -keyout server.key -out server.csr -nodes -subj "/CN=server" -days 365 -config apps/openssl.cnf
./apps/openssl x509 -req -in server.csr -out server.crt -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -days 365
The last step however fails with:
Signature verification error 140249734448896:error:0D0C50C7:asn1 encoding routines:ASN1_item_verify:unknown signature algorithm:crypto/asn1/a_verify.c:111:
(tested with master branch of liboqs)
The text was updated successfully, but these errors were encountered: