Open dwmw2 opened 1 year ago
Building with --disable-digestsign
seems to fix it
Looks like it also producing invalid signatures
What version of openssl were you using? I ran into this same issue and realized that since I was using openssl 3.0.13, according to the README, I should be using tpm2-openssl instead of tpm2-tss.
This is part of the self-tests in OpenConnect, using software TPM and even hardware TPM as part of its test suite: https://gitlab.com/openconnect/openconnect/-/blob/v9.12/tests/Makefile.am
I generate a key in the TPM, generate a CSR for it, attempt to sign it with my test CA, and get an error:
It's the same for RSA and EC(secp256r1) keys.
If I use the other engine to generate the CSR, it works: