author: tb <> 2024-08-28 07:37:50 +0000
committer: tb <> 2024-08-28 07:37:50 +0000
commit: 23a332a1da95c4b3d49acb1aa6ffd49e1b5e3b92
tree: 0a43a4be1239e3ca56a11424cf01010dbc5fd304 /src/regress
parent: a0eb283827e17931e83ffe4f14ff064a32be2efc

Make use of X509_get_signature_info() in check_sig_level()

If an auth_level (i.e., security_level, but not quite, because Viktor) was set on the X509_VERIFY_PARAM in the X509_STORE_CTX, the verifier would reject RSA-PSS or EdDSA certificates for insufficient security bits due to incorrect use of OBJ_find_sigid_algs() (this was also a bug in the initial security level implementation in OpenSSL 1.1). Using X509_get_signature_info() fixes this while preserving behavior for all other algorithms.

Reported by Steffen Ullrich as one of multiple issues with RSA-PSS.

ok jsing

Diffstat (limited to 'src/regress')
0 files changed, 0 insertions, 0 deletions