RHEL-150993

OBJ_find_sigid_algs() returns NID_undef for ML-DSA certificate


    • Bug
    • Resolution: Unresolved
    • Major
    • rhel-10.3
    • rhel-10.2
    • curl
    • rhel-plumbers

      What were you trying to do that didn't work?

      Seen in a program that uses libcurl to communicate over HTTPS. The TLS handshake works, but when libcurl tries to validate the certificate over OCSP, it fails with a NID_undef digest algorithm.

      The curl code in question starts at https://github.com/curl/curl/blob/master/lib/vtls/openssl.c#L5259

      What is the impact of this issue to you?

      This prevents certmonger from communicating with a CA because OCSP always fails.

      This is a blocker for PQC work. There is no support for channel binding with PQ. This is needed for GSSAPI.

      Upstream issue ticket: https://github.com/curl/curl/issues/20590

      Please provide the package NVR for which the bug is seen:

      openssl-3.5.5-1.fc44.x86_64

      How reproducible is this bug?:

      Always

      Steps to reproduce

      1.  
      2.  
      3.  

      Expected results

      Actual results

              Jacek Migacz (jmigacz@redhat.com)
              Francisco Trivino Garcia (ftrivino@redhat.com)
              Jacek Migacz
              Daniel Rusek