wolfssl-examples icon indicating copy to clipboard operation
wolfssl-examples copied to clipboard
verified publisher icon wolfSSL

X9.146: Sign certificates with the right key

Open Frauschi opened this issue 1 year ago • 3 comments

Hi all,

The hybrid certificate X9.146 examples use the wrong private key for creating the alternative signature of the server certificate. The alternative signature must be created with the issuer's private key (as already indicated in the code comments), not with the private key related to the actual certificate. In case of the server certificate generation, this was not the case (the server key is used).

Frauschi avatar Mar 01 '24 15:03 Frauschi

Okay to test. Contributor agreement on file.

dgarske avatar Mar 01 '24 16:03 dgarske

Hi @Frauschi ,

Thank yo so much for this contribution. At first glance your change looks great and I'm pretty sure I will approve it, however, I think it depends on a corresponding PR in wolfSSL. I'll wait for that one to go in first. (https://github.com/wolfSSL/wolfssl/pull/7286)

anhu avatar Mar 01 '24 21:03 anhu

Hi @Frauschi , I hope you don't mind that I added a commit to this PR. I had to do the work anyways so to save you the trouble of doing it as well, I just pushed my change. For an explanation as to why I did this, please see your wolfssl PR.

anhu avatar Mar 08 '24 19:03 anhu

@wolfSSL-Bot , This is good to merge.

anhu avatar Apr 03 '24 20:04 anhu