Provide X509_CRL_get0_tbs_sigalg()

X509_CRL_get0_tbs_sigalg() corresponds to X509_get0_tbs_sigalg() and retrieves the AlgorithmIdentifier inside the TBSCertList which is not currently accessible in any sane way from public API. This PR adds X509_get0_tbs_sigalg() to the public API, documents it, adds a simple regress check so there is coverage and mentions the addition in CHANGES.md. On top of that, fix a typo in .gitignore and clean up some order inconsistencies in X509_get0_signature.pod. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27971)
2026-01-18 17:11:31 +01:00 · 2025-07-06 13:55:52 +02:00
parent 13259a758a
commit 21f1b677d5
7 changed files with 34 additions and 9 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -117,6 +117,11 @@ OpenSSL 3.6

   *Dimitri John Ledkov*

+ * Add X509_CRL_get0_tbs_sigalg() accessor for the signature AlgorithmIdentifier
+   inside a CRL's TBSCertList.
+
+   *Theo Buehler*
+
 * HKDF with (SHA-256, SHA-384, SHA-512) has assigned OIDs. Added ability to load
   HKDF configured with these explicit digests by name or OID.