diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-12-16 14:02:56 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-12-16 14:03:57 +0100 |
commit | 6cc022a099f3d13a8da59850a553a050703a01e7 (patch) | |
tree | 020574b3fe15ad46b9fbeee42ea6c05e40042f3f /lib/x509/pkcs7.c | |
parent | 0dd5c078ad6db71f60a107dc0cdf78637baeafe1 (diff) | |
download | gnutls-6cc022a099f3d13a8da59850a553a050703a01e7.tar.gz |
pkcs7: use the PK_PKIX1_RSA_OID when writing RSA signature OIDs for PKCS#7 structures
That is because there are implementations which cannot cope with the
normal RSA signature OIDs. Relates #59
Diffstat (limited to 'lib/x509/pkcs7.c')
-rw-r--r-- | lib/x509/pkcs7.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index ad527deb7b..b09e7c8a42 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -2051,7 +2051,12 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7, /* write the signature algorithm */ pk = gnutls_x509_crt_get_pk_algorithm(signer, NULL); - ret = _gnutls_x509_write_sig_params(pkcs7->signed_data, "signerInfos.?LAST.signatureAlgorithm", pk, dig); + /* RFC5652 is silent on what the values would be and initially I assumed that + * typical signature algorithms should be set. However RFC2315 (PKCS#7) mentions + * that a generic RSA OID should be used. We switch to this "unexpected" value + * because some implementations cannot cope with the "expected" signature values. + */ + ret = _gnutls_x509_write_sig_params(pkcs7->signed_data, "signerInfos.?LAST.signatureAlgorithm", pk, dig, 1); if (ret < 0) { gnutls_assert(); goto cleanup; |