[botan-devel] X.509 signature algorithm decoding error

Jack Lloyd lloyd at randombit.net
Sun Jan 4 11:33:01 EST 2015


On Sun, Jan 04, 2015 at 02:01:50AM +0000, Uri Blumenthal wrote:

> 2. src/lib/cert/x509/x509cert.cpp incorrectly rejects certificates
> where different signing algorithms are used. These are the offending
> lines (99 and 100):
> 
>     if(sig_algo != sig_algo_inner)
>        throw Decoding_Error("Algorithm identifier mismatch");

Hi Uri,

Can you send me example certificate(s) which cause this to trigger?
That check has been in place since 2006 and while it's been a while
since I read the PKIX docs my understanding is these two fields should
always be the same.

Cheers,
  Jack


More information about the botan-devel mailing list