New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"openssl x509 -text" reports signature algorithm twice #24343
Comments
This is printing a different field from the X.509 structure. The first one is the signature algorithm from the tbsCertificate, the second one is the signature algorithm from the top level sequence. See the RFC5280. Yes, this is confusing but that's the way it is. And yeah those values could be different although that would make a malformed, non-compliant X.509. |
Thanks. I guess I misread the docs. Perhaps one or both of them could have new labels that would make the distinction clearer. Or, since 5280 says the two must be the same, perhaps emit one only when it is different from the other, and mark it as an error. |
Yeah, something like this could be considered as a feature. |
Inspecting the source, it looks like they are reporting the same thing. Still, it's confusing.
OpenSSL 3.0.13, Solaris-supplied and Cygwin-supplied.
The text was updated successfully, but these errors were encountered: