Failed to issue server cert from root CA cert #68

Closed
christianpaquin opened this issue Dec 12, 2018 · 2 comments
@christianpaquin

We should be able to generate a server cert issued by a root CA using these instructions:

  1. Create self-signed root CA
    ./apps/openssl req -x509 -new -newkey qteslaI -keyout rootCA.key -out rootCA.crt -nodes -subj "/CN=rootCA" -days 365 -config apps/openssl.cnf
  2. Create a private key for the server:
    ./apps/openssl genpkey -algorithm qteslaI -out server.key
  3. Create a key and CSR for the server
    ./apps/openssl req -new -newkey qteslaI -keyout server.key -out server.csr -nodes -subj "/CN=server" -days 365 -config apps/openssl.cnf
  4. Sign the CSR, create server cert
    ./apps/openssl x509 -req -in server.csr -out server.crt -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -days 365

The last step however fails with:
    Signature verification error
    140249734448896:error:0D0C50C7:asn1 encoding routines:ASN1_item_verify:unknown signature algorithm:crypto/asn1/a_verify.c:111:

(tested with master branch of liboqs)

@christianpaquin christianpaquin self-assigned this Dec 12, 2018
@christianpaquin
Author

Failing function is ASN1_item_verify in a_verify.c. It fails to locate the OQS algs, because they are not registered in the sigoid_srt array in obj_xref.h, and therefore the OBJ_find_sigid_by_algs function call fails. This is only triggered when dealing with chained cert issuance, a scenario not yet covered in our unit tests; we'll need to add one.

Working on a fix.
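A chained-issuance check of the kind the comment above says is missing from the unit tests, as an added example that is not part of the original thread or the project's test suite. `OPENSSL_BIN`, the `ALG` argument, the function names and the `rsa:2048` default are assumptions of this sketch; on the OQS fork it would be run with `OPENSSL_BIN=./apps/openssl`, `OPENSSL_CONF=apps/openssl.cnf` and `qteslaI`.

```shell
#!/bin/sh
# Chained issuance check: root CA -> server CSR -> server cert signed by the root.
# Assumptions of this example: OPENSSL_BIN and the ALG argument. On the OQS fork,
# run with OPENSSL_BIN=./apps/openssl OPENSSL_CONF=apps/openssl.cnf and ALG=qteslaI.
OPENSSL_BIN="${OPENSSL_BIN:-openssl}"

# classify_sign_error LOGFILE
# Returns 2 when the log shows the failure from this report, 1 for anything else.
classify_sign_error() {
    if grep -q "unknown signature algorithm" "$1"; then
        echo "FAIL: ASN1_item_verify does not know the signature algorithm" >&2
        return 2
    fi
    echo "FAIL: signing step failed, see $1" >&2
    return 1
}

# issue_chain WORKDIR [ALG]
# Returns 0 only if all steps succeed and server.crt verifies against rootCA.crt.
issue_chain() {
    dir="$1"
    alg="${2:-rsa:2048}"   # stand-in so the check also runs on a stock OpenSSL
    mkdir -p "$dir" || return 1

    # Step 1: self-signed root CA.
    "$OPENSSL_BIN" req -x509 -new -newkey "$alg" -keyout "$dir/rootCA.key" \
        -out "$dir/rootCA.crt" -nodes -subj "/CN=rootCA" -days 365 \
        >"$dir/root.log" 2>&1 || { echo "FAIL: root CA" >&2; return 1; }

    # Steps 2-3: server key and CSR in one command.
    "$OPENSSL_BIN" req -new -newkey "$alg" -keyout "$dir/server.key" \
        -out "$dir/server.csr" -nodes -subj "/CN=server" \
        >"$dir/csr.log" 2>&1 || { echo "FAIL: server CSR" >&2; return 1; }

    # Step 4: the root signs the CSR. This is the step that failed in the report.
    "$OPENSSL_BIN" x509 -req -in "$dir/server.csr" -out "$dir/server.crt" \
        -CA "$dir/rootCA.crt" -CAkey "$dir/rootCA.key" -CAcreateserial -days 365 \
        >"$dir/sign.log" 2>&1 || { classify_sign_error "$dir/sign.log"; return $?; }

    # Extra check (not in the report): the issued cert must chain to the root.
    "$OPENSSL_BIN" verify -CAfile "$dir/rootCA.crt" "$dir/server.crt" \
        >"$dir/verify.log" 2>&1 || { echo "FAIL: chain verification" >&2; return 1; }
    echo "OK: $alg chain issued and verified in $dir"
}
```

Calling `issue_chain ./chain-test qteslaI` from the fork's source tree exercises the four steps of the report; each step's output is kept in a log file under the work directory.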

dstebila added a commit that referenced this issue Dec 20, 2018
Fixes PQC cert chains (issue 68)
@dstebila
Member

Resolved by PR #69.
