[exim-dev] [Bug 674] exim can't verify sha256WithRSAEncrypti…

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Jakob Hirsch
Dátum:  
Címzett: exim-dev
Régi témák: [exim-dev] [Bug 674] New: exim can't verify sha256WithRSAEncryption signature in X. 509 certificates when linked against OpenSSL
Tárgy: [exim-dev] [Bug 674] exim can't verify sha256WithRSAEncryption signature in X.509 certificates when linked against OpenSSL
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=674

Jakob Hirsch <jh.exim-bugzilla@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jh.exim-bugzilla@???
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |





--- Comment #21 from Jakob Hirsch <jh.exim-bugzilla@???> 2009-10-18 11:54:53 ---
(In reply to comment #20)

> The description I wrote was >= 0.9.8 but the ifdef I wrote was > 0.9.8.


Isn't it a bit clumsy to care about version of external libs? We can simply
depend on OPENSSL_NO_SHA256, like the openssl people itself, e.g. in their
evp.h:

#ifndef OPENSSL_NO_SHA256
...

Don't know why they use reversed logic (I'd say, usually you have something
#define'd if the feature is available), but it should work nonetheless.

OTOH, the same applies to SHA512, so I wonder if there is no easier way to
simply include everything better. Reading the previous bug comments, openssl
should do that by default, but does not, so manually including SHA256 is a
pragmatic workaround, right?

And shouldn't we also add SHA224 for completeness? Hardly anybody will use it,
though...


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email