New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openssl: only verify RSA private key if supported #1904
Conversation
Thanks, but needs a little polish. This was caught by the CI:
|
Ah crap. |
1b46c95
to
4b3ef9c
Compare
Updated the commit. I'm not happy about having to declare a |
You can add your new code that checks the private key within an extra set of { braces }, as then you can declare your own |
In some cases the RSA key does not support verifying it because it's located on a smart card, an engine wants to hide it, ... Check the flags on the key before trying to verify it. OpenSSL does the same thing internally; see ssl/ssl_rsa.c
4b3ef9c
to
a7bb4c3
Compare
Excellent, thank you! |
Thank you! |
In some cases the RSA key does not support verifying it because it's
located on a smart card, an engine wants to hide it, ...
Check the flags on the key before trying to verify it.
OpenSSL does the same thing internally; see ssl/ssl_rsa.c
The patch works for OpenSSL 1.0.1, 1.0.2 and 1.1.0.