/* having duplicate entries is ok, as long as the one
* we want to return OID from is first */
{"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA},
- {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA},
+ {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */
+ {"RSA (MD5)", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */
{"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
{"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN},
{"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN},