Well, the wolfssl docs hint that the first function, called before your extract, on line 137, "wc_InitCert" always initialised it to RSA
initializes a default cert, with the default options:
version = 3 (0x2), serial = 0, sigType = SHA_WITH_RSA,
I have not tried to follow the upstream source to see if that gets overwritten later, but that might be at least one explanation why your cert showed the first sha1WithRSAEncryption
I guess that this requires some input from the wolfssl people. We are too laymen to quickly get into the bottom of why there are mixed algorithm types even though our function calls should already be properly using only ec or rsa.
Hopefully we get some feedback from upstream.
Fixed with:
random footnote... curl seems to be the only thing pulling wolfssl stuff into my imagebuilder image ( similar to hnyman my builds try to go with openssl everything )...
if anyone in the future is able to make curl not just depend on wolfssl that would be lovely... cheers.
If you compile with the full toolchain (like I do), you can nicely set curl to depend on openssl.
As explanation, the curl package has not been modified to have variants so that there would be different versions available for imagebuilder. The SSL library selection is just a compile time option, available when compiling from sources.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.