Hi,
I have a PKCS7 signed message and I am trying to verify the signature
with OpenSSL. It fails because a certificate which was used to sign it
doesn't have the "nonRepudiable" flag set.
And I have a question regarding this. Is it a requirement that a
certificate for PKCS7 should have this flag?
I read the X509 RFC and the PKCS7 RFC and wasn't able to find a direct
answer to that. It mentions in X509 that the digitalSignature _and/or_
nonRepudiable flag should be set. So, I am not sure whether it should be
"and" or "or" in this case. And I didn't see any references to these
flags in PKCS7 either.
It's quite possible that I missed something regarding these RFCs. I
would appreciate it if somebody could point out where OpenSSL got this
requirement (that the nonRepudiable flag should be set).
Regards,
Victor Ronin
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org