I've been testing a CA setup (simple root + intermediary with dedicated OCSP keys) with the OCSP certificate used for signing being based on a prime256v1 key. In such a scenario, the response still claims it's signed using sha1withrsaencryption.
When comparing with openssl ocsp (server) behaviour, openssl returns correct data (and that's the only difference pretty much) - if you run diff over both responses:
--- good 2018-05-15 13:52:41.837180575 +0200
+++ bad 2018-05-15 13:52:41.837180575 +0200
@@ -22,11 +22,11 @@
This Update: May 15 11:52:41 2018 GMT
Next Update: May 15 11:57:41 2018 GMT
- Signature Algorithm: ecdsa-with-SHA256
- 30:45:02:21:00:87:ee:8f:fc:26:6c:ea:11:47:0b:83:8f:00:
- 3f:58:8a:d0:a3:9e:70:7e:f3:5d:dc:6c:93:44:aa:71:d1:fa:
- 0a:02:20:64:d2:01:08:19:81:c4:d4:90:d5:c5:bb:d9:a8:15:
- d6:f4:7a:d0:c1:ab:83:bf:31:37:9c:82:26:35:55:c2:5e
+ Signature Algorithm: sha1WithRSAEncryption
+ 30:44:02:20:15:fe:1e:90:b4:88:74:e4:2e:2a:73:3f:e9:66:
+ f4:d4:4f:bf:17:c6:8c:41:0a:2e:97:c4:76:9e:e1:eb:e0:b0:
+ 02:20:42:19:7e:78:c6:98:34:1e:37:9e:11:23:69:18:1b:fd:
+ 7a:39:f1:80:10:19:e9:67:5d:2a:a2:37:b9:cd:e7:4d
Certificate:
Data:
Version: 3 (0x2)
openssl ocsp client complains about it this way:
If I change ocsp key to rsa, everything works fine.
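An added check, not part of the original report or of any project's code: it takes the two signature dumps from the diff above, tests whether each parses as a DER ECDSA-Sig-Value, and compares that with the declared algorithm name. The function names are made up for this example, and the shape test is a heuristic, not a signature verification.

```python
# Added example: heuristic consistency check between an OCSP response's declared
# signature algorithm and the DER shape of its signature bytes.
def parse_hex_dump(text):
    # Turn openssl-style "aa:bb:cc" dump lines into bytes.
    return bytes(int(tok, 16) for tok in text.replace("\n", ":").split(":") if tok.strip())

def der_len(buf, pos):
    # Read a DER length (short form or 0x81 long form); return (length, next offset).
    if buf[pos] < 0x80:
        return buf[pos], pos + 1
    if buf[pos] == 0x81:
        return buf[pos + 1], pos + 2
    raise ValueError("unsupported DER length")

def is_ecdsa_sig_value(sig):
    # True only if sig is exactly SEQUENCE { INTEGER r, INTEGER s }.
    try:
        if sig[0] != 0x30:
            return False
        length, pos = der_len(sig, 1)
        if pos + length != len(sig):
            return False
        for _ in range(2):
            if sig[pos] != 0x02 or sig[pos + 1] == 0:
                return False
            int_len, pos = der_len(sig, pos + 1)
            pos += int_len
        return pos == len(sig)
    except (IndexError, ValueError):
        return False

def check(declared_alg, sig):
    # Compare the algorithm name printed by openssl with the signature's shape.
    declared_ecdsa = declared_alg.lower().startswith("ecdsa")
    return "consistent" if declared_ecdsa == is_ecdsa_sig_value(sig) else "mismatch"

# Signature bytes copied from the "good" and "bad" sides of the diff in the issue.
GOOD_SIG = parse_hex_dump("""
30:45:02:21:00:87:ee:8f:fc:26:6c:ea:11:47:0b:83:8f:00:
3f:58:8a:d0:a3:9e:70:7e:f3:5d:dc:6c:93:44:aa:71:d1:fa:
0a:02:20:64:d2:01:08:19:81:c4:d4:90:d5:c5:bb:d9:a8:15:
d6:f4:7a:d0:c1:ab:83:bf:31:37:9c:82:26:35:55:c2:5e""")
BAD_SIG = parse_hex_dump("""
30:44:02:20:15:fe:1e:90:b4:88:74:e4:2e:2a:73:3f:e9:66:
f4:d4:4f:bf:17:c6:8c:41:0a:2e:97:c4:76:9e:e1:eb:e0:b0:
02:20:42:19:7e:78:c6:98:34:1e:37:9e:11:23:69:18:1b:fd:
7a:39:f1:80:10:19:e9:67:5d:2a:a2:37:b9:cd:e7:4d""")

if __name__ == "__main__":
    print("good:", check("ecdsa-with-SHA256", GOOD_SIG))
    print("bad: ", check("sha1WithRSAEncryption", BAD_SIG))
```

Both dumps parse as an ECDSA-Sig-Value, so `check` flags only the response whose algorithm field reads sha1WithRSAEncryption.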