First of all thank you for wrapping the OpenSSL calls in a webserver interface, very useful!
Problem: Regardless of which digest algorithm is specified in the timestamp request, uts-server always applies the same digest algorithm to the timestamp response. Example:
signtool sign /sha1 <CodeSignCert> /fd sha512 /tr http://uts-server /td sha512 file.exe
Expected result: The code signature as well as the timestamp both use SHA512.
Actual behaviour: While the code signature is using SHA512, the timestamp is applied with a SHA256 digest. Changing the /td in the example parameter to any other value has no effect, uts-server always uses SHA256.
It seems that the code to select the digest algorithm is commented out in src/lib/rfc3161.c line 154+, but I don't know enough about the timestamp query structure to know how to extract this value.
Using TS_CONF_set_signer_digest(conf, section, NULL, resp_ctx) I can set the digest algorithm to something other than sha256 via the uts-server configuration file (e.g. signer_digest = sha512), but then the algorithm is just hardcoded to something else and still not picked up from the request.
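The only digest algorithm an RFC 3161 `TimeStampReq` carries is `messageImprint.hashAlgorithm`. The following is an added example, not uts-server or OpenSSL code: it walks the DER of a request body without any library and returns that digest's name, rejecting requests whose `hashedMessage` length does not match it. `der_tlv`, `tsq_imprint_digest` and the `KNOWN` table are hypothetical names, and only SHA-1/SHA-2 OIDs are assumed to be accepted.

```c
#include <stddef.h>
#include <string.h>

/* Read one DER TLV header at *p (bounded by end). On success *p points at the
 * value and *len is its length. Definite short and long length forms only. */
static int der_tlv(const unsigned char **p, const unsigned char *end,
                   unsigned char tag, size_t *len) {
    const unsigned char *q = *p;
    if (end - q < 2 || q[0] != tag) return 0;
    size_t n = q[1];
    q += 2;
    if (n & 0x80) {                        /* long form: k length bytes follow */
        size_t k = n & 0x7f;
        if (k == 0 || k > sizeof(size_t) || (size_t)(end - q) < k) return 0;
        for (n = 0; k--; q++) n = (n << 8) | *q;
    }
    if ((size_t)(end - q) < n) return 0;   /* value must fit in the buffer */
    *p = q; *len = n;
    return 1;
}

/* Accepted digests (an assumption of this example): name, output size, OID. */
static const struct { const char *name; size_t md_len, oid_len; unsigned char oid[9]; }
KNOWN[] = {
    {"sha1",   20, 5, {0x2b,0x0e,0x03,0x02,0x1a}},
    {"sha256", 32, 9, {0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01}},
    {"sha384", 48, 9, {0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02}},
    {"sha512", 64, 9, {0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03}},
};

/* Digest name from TimeStampReq.messageImprint.hashAlgorithm, or NULL if the
 * request is malformed, the OID is unknown, or hashedMessage has the wrong size. */
const char *tsq_imprint_digest(const unsigned char *der, size_t der_len) {
    const unsigned char *p = der, *end = der + der_len, *oid, *alg_end;
    size_t len, oid_len;
    if (!der_tlv(&p, end, 0x30, &len)) return NULL;          /* TimeStampReq */
    end = p + len;
    if (!der_tlv(&p, end, 0x02, &len)) return NULL;          /* version */
    p += len;
    if (!der_tlv(&p, end, 0x30, &len)) return NULL;          /* messageImprint */
    end = p + len;
    if (!der_tlv(&p, end, 0x30, &len)) return NULL;          /* hashAlgorithm */
    alg_end = p + len;
    if (!der_tlv(&p, alg_end, 0x06, &oid_len)) return NULL;  /* algorithm OID */
    oid = p; p = alg_end;                                    /* skip parameters */
    if (!der_tlv(&p, end, 0x04, &len)) return NULL;          /* hashedMessage */
    for (size_t i = 0; i < sizeof KNOWN / sizeof KNOWN[0]; i++)
        if (oid_len == KNOWN[i].oid_len && !memcmp(oid, KNOWN[i].oid, oid_len))
            return len == KNOWN[i].md_len ? KNOWN[i].name : NULL;
    return NULL;
}
```

With OpenSSL, the same field is reached on a parsed `TS_REQ` through `TS_REQ_get_msg_imprint()` and `TS_MSG_IMPRINT_get_algo()`; whether the TSA's own signature digest should follow it is a policy decision for the server.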