I tried to verify the following certificate:
which is self-signed (but I don't think that matters here). The interesting part is that it is using curve P-384 but hash algorithm SHA-256. This is even the OpenSSL default when creating an EC certificate. Yet, the certificate fails the signature check in a call to verify_signature. After setting the break point at https://github.com/rusticata/x509-parser/blob/x509-parser-0.12.0/src/certificate.rs#L142 I found that
which is not correct; it should probably be ECDSA_P384_SHA256_ASN1. Due to the incorrect curve size the verification already fails when parsing the public key in ring.
This is the certificate: cert.zip
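
An added example, not part of the original report and not code from x509-parser or ring: in ECDSA the curve and the digest vary independently, so a verifier has to be chosen from the signature algorithm OID together with the key's namedCurve OID. The function names and the hash-only selector are hypothetical (the latter is an assumption used for contrast), the key bytes are constructed, and the returned strings are the names of the corresponding `ring::signature` constants.

```rust
// Added illustration, std only; hypothetical helpers, not x509-parser or ring code.
#[derive(Debug, Clone, Copy, PartialEq)]
enum Curve { P256, P384 }

// Digest size in bits for an ECDSA signature algorithm OID.
fn hash_bits(sig_oid: &str) -> Result<u16, String> {
    match sig_oid {
        "1.2.840.10045.4.3.2" => Ok(256), // ecdsa-with-SHA256
        "1.2.840.10045.4.3.3" => Ok(384), // ecdsa-with-SHA384
        other => Err(format!("unsupported signature OID {}", other)),
    }
}

// An uncompressed SEC1 point is 0x04 || X || Y: 65 bytes on P-256, 97 on P-384.
fn check_point(curve: Curve, point: &[u8]) -> Result<(), String> {
    let want = match curve { Curve::P256 => 65, Curve::P384 => 97 };
    if point.len() == want && point[0] == 0x04 { return Ok(()); }
    Err(format!("{}-byte key does not fit {:?}", point.len(), curve))
}

// Assumed naive selection for contrast: the curve is guessed from the hash.
fn select_by_hash_only(sig_oid: &str, point: &[u8]) -> Result<&'static str, String> {
    let (curve, name) = match hash_bits(sig_oid)? {
        256 => (Curve::P256, "ECDSA_P256_SHA256_ASN1"),
        _ => (Curve::P384, "ECDSA_P384_SHA384_ASN1"),
    };
    check_point(curve, point).map(|_| name)
}

// Curve-aware selection: the curve comes from the key's namedCurve OID.
fn select_verifier(sig_oid: &str, curve_oid: &str, point: &[u8]) -> Result<&'static str, String> {
    let curve = match curve_oid {
        "1.2.840.10045.3.1.7" => Curve::P256, // prime256v1
        "1.3.132.0.34" => Curve::P384,        // secp384r1
        other => return Err(format!("unsupported curve OID {}", other)),
    };
    check_point(curve, point)?;
    Ok(match (curve, hash_bits(sig_oid)?) {
        (Curve::P256, 256) => "ECDSA_P256_SHA256_ASN1",
        (Curve::P256, _) => "ECDSA_P256_SHA384_ASN1",
        (Curve::P384, 256) => "ECDSA_P384_SHA256_ASN1",
        (Curve::P384, _) => "ECDSA_P384_SHA384_ASN1",
    })
}

fn main() {
    // Constructed P-384-sized key: only the length and 0x04 prefix matter here.
    let key = [&[0x04u8][..], &[0u8; 96][..]].concat();
    println!("{:?}", select_by_hash_only("1.2.840.10045.4.3.2", &key));
    println!("{:?}", select_verifier("1.2.840.10045.4.3.2", "1.3.132.0.34", &key));
}
```

With a 97-byte P-384 key and ecdsa-with-SHA256, the hash-only selector rejects the key for its length before any signature math runs, while the curve-aware selector picks the P-384/SHA-256 verifier.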