[botan-devel] X.509 signature algorithm decoding error
lloyd at randombit.net
Sun Jan 4 11:33:01 EST 2015
On Sun, Jan 04, 2015 at 02:01:50AM +0000, Uri Blumenthal wrote:
> 2. src/lib/cert/x509/x509cert.cpp incorrectly rejects certificates
> where different signing algorithms are used. These are the offending
> lines (99 and 100):
> if(sig_algo != sig_algo_inner)
> throw Decoding_Error("Algorithm identifier mismatch");
Can you send me example certificate(s) which cause this to trigger?
That check has been in place since 2006 and while it's been a while
since I read the PKIX docs my understanding is these two fields should
always be the same.
More information about the botan-devel