You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I am verifying ICAO CSCA certificates as shown in tests however because of the way ICAO Doc 9303-12 defines the EC public keys:
Those issuing States or organizations implementing ECDSA for signature generation or verification SHALL use [X9.62]
or [ISO/IEC 15946]. The elliptic curve domain parameters used to generate the ECDSA key pair MUST be described
explicitly in the parameters of the public key, i.e. parameters MUST be of type ECParameters (no named curves, no
implicit parameters) and MUST include the optional co-factor. ECPoints MUST be in uncompressed format.
I must support the explicit parameters in the public keys. Currently, when I try to verify a certificate, I get Certificate public key has explicit ECC parameters error. In openssl issue number 20117 (openssl/openssl#20117 (comment)), a solution to use X509_STORE_CTX_set_verify_cb was recommended. Indeed, if I could set this callback I could search for this error and continue parsing. Relevant lines in openssl are x509_vfy.c#172 and x509_vfy.c#570 where the check itself happens. Is there a possibility of exposing this function?
The text was updated successfully, but these errors were encountered:
Hi, I am verifying ICAO CSCA certificates as shown in tests however because of the way ICAO Doc 9303-12 defines the EC public keys:
I must support the explicit parameters in the public keys. Currently, when I try to verify a certificate, I get
Certificate public key has explicit ECC parameters
error. In openssl issue number 20117 (openssl/openssl#20117 (comment)), a solution to useX509_STORE_CTX_set_verify_cb
was recommended. Indeed, if I could set this callback I could search for this error and continue parsing. Relevant lines in openssl are x509_vfy.c#172 and x509_vfy.c#570 where the check itself happens. Is there a possibility of exposing this function?The text was updated successfully, but these errors were encountered: