On Thu, Jul 07, 2005, Fred Anderson wrote:
> I have a binary file with a DER-encoded SignedData structure in it. I
> can use the following command:
>
> $ openssl pkcs7 -inform DER -in pt2.out -print_certs -text
>
> and I get all sorts of expected information about the certificate in
> the structure, which indicates to me that the file's in the right
> format.
>
> I'm trying to load the SignedData into a PKCS7, so I can use the
> PKCS7_verify function to verify the signature in it. To do that, I'm
> calling d2i_PKCS7_fp. I receive no errors, but my PKCS7 is still
> empty.
>
> Here's the code I'm using:
>
> FILE *fp = fopen("pt2.out","rb");
> PKCS7 *p7 = NULL;
>
> ERR_load_PKCS7_strings();
> ERR_load_X509_strings();
>
> p7 = d2i_PKCS7_fp(fp,NULL);
>
> (I've also tried "p7 = d2i_PKCS7_fp(fp,&p7);" with the same results)
>
> Printing p7->detached and p7->length both show a zero. Calling
> PKCS7_verify with p7 gives a segmentation fault, while calling it with
> NULL returns a 0 (failure).
>
> I can't seem to find any real documentation on using the d2i_PKCS7_fp
> function, so I suspect I'm just doing something wrong. Can someone
> point me to something that gives a little explanation on using the
> function, or show me an example of using it?
>
If you get a non-NULL return from d2i_PKCS7_fp() the structure should be
basically OK. How are you calling PKCS7_verify?
You can perform this operation using the 'openssl smime' for example:
openssl smime -verify -inform DER -in whatever.der
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
