Hi,
If I use the PKCS7_NOCERTS flag and use NULL in the "signcert" argument, I still get
access violations.
The problem is in x509_cmp.c file in the X509_check_private_key() function.
The lines say:
int X509_check_private_key(X509 *x, EVP_PKEY *k)
{
EVP_PKEY *xk=NULL;
int ok=0;
xk=X509_get_pubkey(x);
if (xk->type != k->type)
since x is NULL, then xk is also NULL, so the "if" line crashes the application.
Any other ideas ?
Thanks,
Kim
-----Oprindelig meddelelse-----
Fra: Marco Roeland [mailto:[EMAIL PROTECTED] vegne af Marco Roeland
Sendt: 3. september 2004 11:16
Til: [EMAIL PROTECTED]
Cc: Hellan.Kim KHE
Emne: Re: Signed PKCS#7 without a certificate included ?
On Friday September 3rd 2004 Hellan.Kim KHE wrote:
> I'm trying to make a signed and encrypted PKCS#7 message with a
> footprint as small as possible. So my (probably dumb) question is: Is
> it possible not to include signers certificate in the PKCS#7 ? The
> PKCS7_Sign() function does not seem to allow it.
PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
BIO *data, int flags);
Use PKCS7_NOCERTS in the 'flags' argument.
> When the receiver wants to verify the signature, he then of course has
> to supply signers certificate himself somehow, in order to perform the
> verification.
Yes.
--
Marco Roeland
___________________________________________________________________
www.kmd.dk www.kundenet.kmd.dk www.eboks.dk www.civitas.dk www.netborger.dk
Hvis du har modtaget denne mail ved en fejl vil jeg gerne, at du informerer mig og
sletter den.
KMD skaber it-services, der fremmer effektivitet hos det offentlige, erhvervslivet og
borgerne.
If you received this e-mail by mistake, please notify me and delete it. Thank you.
Our mission is to enhance the efficiency of the public sector and improve its service
of the general public.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
