[exim-dev] [Bug 674] exim can't verify sha256WithRSAEncrypti…

Author: Phil Pennock
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 674] exim can't verify sha256WithRSAEncryption signature in X.509 certificates when linked against OpenSSL
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=674

Phil Pennock <exim-dev@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |exim-dev@???





--- Comment #1 from Phil Pennock <exim-dev@???> 2008-02-22 10:00:36 ---
Which version of OpenSSL is this? ("openssl version" command)

I'm running OpenSSL 0.9.8g and the man-page for SSL_library_init() states:

       SSL_library_init() registers the available ciphers and digests.


       OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are
       synonyms for SSL_library_init().
...
EXAMPLES
       A typical TLS/SSL application will start with the library
       initialization, will provide readable error messages and will seed the
       PRNG.


        SSL_load_error_strings();                /* readable error messages */
        SSL_library_init();                      /* initialize library */
        actions_to_seed_PRNG();


So whilst I'm not disputing that in your version it's needed, in my version
that would appear to result in a double initialisation (perhaps harmless?) and
it would be good to track down what version dependencies there are.

Looking for the first TLS instance in today's mainlog, I see:
X=TLSv1:DHE-RSA-AES256-SHA:256
so Exim 4.69 with OpenSSL 0.9.8g is getting the SHA256 digest function.
(FreeBSD 6.2, FWIW).

Thanks


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email
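
For reading `X=` fields like the one quoted in the comment above: Exim writes the negotiated protocol, the cipher suite name and the symmetric key size there, and the algorithm that signed the peer's certificate is not part of the field. The following is an added example, not code from the thread or from Exim; the log lines, hostnames and the function names `parse_x_field` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Exim writes the session as X=<protocol>:<cipher suite>:<symmetric key bits>.
X_FIELD = re.compile(r"\bX=([^:\s]+):([^:\s]+):(\d+)")

# Last token of the suite name -> hash the suite uses (HMAC, or PRF for AEAD).
SUITE_HASH = {"MD5": "MD5", "SHA": "SHA-1", "SHA1": "SHA-1",
              "SHA256": "SHA-256", "SHA384": "SHA-384"}

# Constructed mainlog lines; only the first X= value appears in the message above.
SAMPLE_LOG = [
    "2008-02-22 09:58:01 1JSUXy-0001ab-Cd <= a@example.org H=mx.example.org "
    "[192.0.2.10] X=TLSv1:DHE-RSA-AES256-SHA:256 S=1834",
    "2008-02-22 09:59:12 1JSUZ7-0001bq-Ef <= b@example.net H=out.example.net "
    "[192.0.2.25] X=TLSv1:RC4-MD5:128 S=902",
    "2008-02-22 10:00:03 1JSUa1-0001cx-Gh <= c@example.com H=relay.example.com "
    "[192.0.2.40] S=455",
]


def parse_x_field(line):
    """Return protocol, suite, key bits and suite hash, or None without TLS."""
    m = X_FIELD.search(line)
    if m is None:
        return None
    protocol, suite, bits = m.groups()
    last_token = re.split(r"[-_]", suite)[-1]
    return {
        "protocol": protocol,
        "suite": suite,
        "key_bits": int(bits),  # size of the symmetric cipher key, not a digest
        "suite_hash": SUITE_HASH.get(last_token, "unknown"),
    }


def summarize(lines):
    """Count sessions per (protocol, suite hash, key bits); None = no TLS."""
    counts = Counter()
    for line in lines:
        info = parse_x_field(line)
        key = None if info is None else (
            info["protocol"], info["suite_hash"], info["key_bits"])
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, key)
```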