2 files changed, 31 insertions, 5 deletions

diff --git a/src/compat.erl b/src/compat.erl
new file mode 100644
index 0000000..bc3101d
--- /dev/null
+++ b/src/compat.erl
@@ -0,0 +1,29 @@
+-module(compat).
+-export([unpack_issuer/1, unpack_signature/1]).
+-include_lib("public_key/include/public_key.hrl").
+
+unpack_issuer(Issuer) ->
+    unpack_issuer(erlang:system_info(otp_release), Issuer).
+unpack_signature(Signature) ->
+    unpack_signature(erlang:system_info(otp_release), Signature).
+
+%% @doc Dig out alg, params and key from issuer.
+unpack_issuer(17, Issuer) ->
+    #'SubjectPublicKeyInfo'{
+       algorithm = #'AlgorithmIdentifier'{algorithm = Alg, parameters = Params},
+       subjectPublicKey = {0, Key}} = Issuer,
+    {Alg, Params, Key};
+unpack_issuer(18, Issuer) ->
+    #'SubjectPublicKeyInfo'{
+       algorithm = #'AlgorithmIdentifier'{algorithm = Alg, parameters = Params},
+       subjectPublicKey = Key} = Issuer,
+    {Alg, Params, Key}.
+
+%% @doc Unpack a #'Certificate'.signature, return the signature.
+unpack_signature(17, Signature) ->
+    {_, Sig} = Signature,
+    Sig;
+unpack_signature(18, Signature) ->
+    Signature.
+
+
diff --git a/src/x509.erl b/src/x509.erl
index 279d9b9..2d4cffa 100644
--- a/src/x509.erl
+++ b/src/x509.erl
@@ -171,10 +171,7 @@ signed_by_p(SubjectDer, IssuerDer) ->
     end.
 
 verify_sig(IssuerSPKI, {DigestOrPlainText, DigestType, Signature}) ->
-    %% Dig out alg, params and key from issuer.
-    #'SubjectPublicKeyInfo'{
-       algorithm = #'AlgorithmIdentifier'{algorithm = Alg, parameters = Params},
-       subjectPublicKey = {0, Key0}} = IssuerSPKI,
+    {Alg, Params, Key0} = compat:unpack_issuer(IssuerSPKI),
     KeyType = pubkey_cert_records:supportedPublicKeyAlgorithms(Alg),
     IssuerKey =
         case KeyType of
@@ -196,7 +193,7 @@ verify_sig(IssuerSPKI, {DigestOrPlainText, DigestType, Signature}) ->
 %% Code from pubkey_cert:extract_verify_data/2.
 extract_verify_data(Cert, DerCert) ->
     PlainText = encoded_tbs_cert(DerCert),
-    {_, Sig} = Cert#'Certificate'.signature,
+    Sig = compat:unpack_signature(Cert#'Certificate'.signature),
     SigAlgRecord = Cert#'Certificate'.signatureAlgorithm,
     SigAlg = SigAlgRecord#'AlgorithmIdentifier'.algorithm,
     try