关于tls_construct_cert_verify_ntls疑问

在tls_construct_cert_verify_ntls接口内部设置了默认的ID

<img width="544" height="182" alt="Image" src="https://github.com/user-attachments/assets/5eaafe15-8ae1-4330-a9d0-fc555858b74b" />

在tls_process_cert_verify_ntls中为了支持RFC8998，先设置了HANDSHAKE_SM2_ID然后再设置回SM2_DEFAULT_ID。

<img width="756" height="564" alt="Image" src="https://github.com/user-attachments/assets/57a8e6e0-4ca3-43dd-bb98-0b0514904d41" />

<img width="1045" height="155" alt="Image" src="https://github.com/user-attachments/assets/e1e49776-98e4-43ca-ada2-b917e7ad0930" />
使用engine时EVP_PKEY_is_a是NULL，因为用的不是provider，pkey->keymgmt是NULL，无法设置回SM2_DEFAULT_ID，导致在验签时使用的ID不一致，验签失败。只能在引擎中的digestverify分别使用SM2_DEFAULT_ID和HANDSHAKE_SM2_ID验签两次吗？

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

关于tls_construct_cert_verify_ntls疑问 #770

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

关于tls_construct_cert_verify_ntls疑问 #770

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions