Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

certinfo: b0rked pubkey/signature algorithm with openssl>=1.0.2 #3706

Closed
m6w6 opened this issue Mar 26, 2019 · 5 comments
Closed

certinfo: b0rked pubkey/signature algorithm with openssl>=1.0.2 #3706

m6w6 opened this issue Mar 26, 2019 · 5 comments
Labels
help wanted libcurl API TLS

Comments

@m6w6
Copy link
Contributor

m6w6 commented Mar 26, 2019

I did this

Retrieved CURLINFO_CERTINFO

I expected the following

Sane Public Key/Signature Algorithm entries.

Got instead

==========
Public Key Algorithm:    Signature Algorithm: sha256WithRSAEncryption
sha256WithRSAEncryption
==========

curl/libcurl version

master + openssl 1.1.1b

operating system

Linux

Testcase

https://gist.github.com/m6w6/7acc0943b024eee3bdc60df70d1f8e3e
@bagder bagder added the TLS label Mar 26, 2019
@bagder
Copy link
Member

bagder commented Mar 26, 2019

Ugh. That's one of the dark magic parts of the OpenSSL APIs that I really don't understand much. But yeah, I can confirm that running your test code with openssl 1.0.2 returns a different output than with an openssl 1.1.1 build for me as well. 😕

@m6w6
Copy link
Contributor Author

m6w6 commented Mar 26, 2019

Yeah, I tried to fix it, but that openssl API is, well, ugh

ngg added a commit to tresorit/curl that referenced this issue Jun 16, 2019
@ngg
openssl: fix pubkey/signature algorithm detection in certinfo
65642ea 
Certinfo gives the same result for all OpenSSL versions.
Also made printing RSA pubkeys consistent with older versions.

Fixes curl#3706
@ngg ngg mentioned this issue Jun 16, 2019
Closed
ngg added a commit to tresorit/curl that referenced this issue Jun 16, 2019
@ngg
openssl: fix pubkey/signature algorithm detection in certinfo
a8dc1ec 
Certinfo gives the same result for all OpenSSL versions.
Also made printing RSA pubkeys consistent with older versions.

Fixes curl#3706
@bagder
Copy link
Member

bagder commented Jun 17, 2019

@m6w6 can you confirm if #4030 fixes your case?

@m6w6
Copy link
Contributor Author

m6w6 commented Jun 18, 2019

@m6w6 can you confirm if #4030 fixes your case?

Yes, it does!

@m6w6
Copy link
Contributor Author

m6w6 commented Jun 18, 2019

Sorry, posted the output (now as expected) over at #4030

==========
Signature Algorithm:sha256WithRSAEncryption
==========
==========
Public Key Algorithm:id-ecPublicKey
==========
==========
Signature Algorithm:sha256WithRSAEncryption
==========
==========
Public Key Algorithm:rsaEncryption
==========

@bagder bagder closed this as completed in 6c2b7d4 Jun 18, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Sep 16, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
help wanted libcurl API TLS
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

openssl: fix pubkey/signature algorithm detection in certinfo tresorit/curl
2 participants
@bagder @m6w6