You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is printing a different field from the X.509 structure. The first one is the signature algorithm from the tbsCertificate, the second one is the signature algorithm from the top level sequence. See the RFC5280.
Yes, this is confusing but that's the way it is. And yeah those values could be different although that would make a malformed, non-compliant X.509.
Thanks. I guess I misread the docs. Perhaps one or both of them could have new labels that would make the distinction clearer. Or, since 5280 says the two must be the same, perhaps emit one only when it is different from the other, and mark it as an error.
Thanks. I guess I misread the docs. Perhaps one or both of them could have new labels that would make the distinction clearer. Or, since 5280 says the two must be the same, perhaps emit one only when it is different from the other, and mark it as an error.
Yeah, something like this could be considered as a feature.
Inspecting the source, it looks like they are reporting the same thing. Still, it's confusing.
OpenSSL 3.0.13, Solaris-supplied and Cygwin-supplied.
The text was updated successfully, but these errors were encountered: