On Thu, Jul 07, 2005, Fred Anderson wrote: > I have a binary file with a DER-encoded SignedData structure in it. I > can use the following command: > > $ openssl pkcs7 -inform DER -in pt2.out -print_certs -text > > and I get all sorts of expected information about the certificate in > the structure, which indicates to me that the file's in the right > format. > > I'm trying to load the SignedData into a PKCS7, so I can use the > PKCS7_verify function to verify the signature in it. To do that, I'm > calling d2i_PKCS7_fp. I receive no errors, but my PKCS7 is still > empty. > > Here's the code I'm using: > > FILE *fp = fopen("pt2.out","rb"); > PKCS7 *p7 = NULL; > > ERR_load_PKCS7_strings(); > ERR_load_X509_strings(); > > p7 = d2i_PKCS7_fp(fp,NULL); > > (I've also tried "p7 = d2i_PKCS7_fp(fp,&p7);" with the same results) > > Printing p7->detached and p7->length both show a zero. Calling > PKCS7_verify with p7 gives a segmentation fault, while calling it with > NULL returns a 0 (failure). > > I can't seem to find any real documentation on using the d2i_PKCS7_fp > function, so I suspect I'm just doing something wrong. Can someone > point me to something that gives a little explanation on using the > function, or show me an example of using it? >
If you get a non-NULL return from d2i_PKCS7_fp() the structure should be basically OK. How are you calling PKCS7_verify? You can perform this operation using the 'openssl smime' for example: openssl smime -verify -inform DER -in whatever.der Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]