On Thu, Jul 07, 2005, Fred Anderson wrote:
> Steve,
>
> Thanks for the reply. I was able to verify the signature using
> "openssl smime" like you suggested, and the d2i_PKCS7_fp function is
> returning a non-null value.
>
> I'm thinking now that the problem may be in the BIO structures I'm
> creating and passing to the verify function. Here's what I have:
>
> int ret;
> FILE *fp = fopen("pt2.out","rb");
> int fd = open("data.out",O_RDONLY);
> BIO *In, *Out;
> PKCS7 *p7 = NULL;
>
>
> p7 = d2i_PKCS7_fp(fp,NULL);
>
> In = BIO_new_fd(fd,BIO_NOCLOSE);
> Out = BIO_new(BIO_s_null());
>
> ret = PKCS7_verify(p7,NULL,NULL,In,Out,0);
> printf("Call returned %d\n",ret);
>
>
> where 'fd' is a file descriptor to a file containing the data
> (detached) for the signature I wish to verify. As the code stands, the
> PKCS7_verify is segfaulting.
>
> My apologies if this is basic stuff; I'm still a beginner with OpenSSL
> coding and having a hard time finding docs to explain the usage of the
> calls and how the calls all tie together.
>

You might find it easier to use:

BIO *foo = BIO_new_file("filename", "rb");

which is a BIO version of "fopen".

Also you need to include a trusted certificate store which includes the CAs
you trust. If you include the flag PKCS7_NOVERIFY it won't try to verify the
signers' certificates: that's not useful for anything other than debugging
because anyone could create a PKCS#7 structure it would then verify as OK.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
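
The point about PKCS7_NOVERIFY can be checked with the "openssl smime" command mentioned in the thread, whose -noverify option sets that flag. This is an added example, not code from the original posts: the keys, certificates, CN names and payload are constructed throwaway values, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: every key, certificate and file here is constructed in a
# temporary directory. "data.out" only reuses the file name from the thread.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_signer NAME: create a throwaway self-signed certificate and key.
make_signer() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# sign_detached NAME: write a DER PKCS#7 detached signature over data.out.
sign_detached() {
    openssl smime -sign -binary -in "$WORK/data.out" \
        -signer "$WORK/$1.pem" -inkey "$WORK/$1.key" \
        -outform DER -out "$WORK/$1.p7" 2>/dev/null
}

# verify_trusted NAME: verify with a store that contains only trusted.pem.
verify_trusted() {
    openssl smime -verify -binary -inform DER -in "$WORK/$1.p7" \
        -content "$WORK/data.out" -CAfile "$WORK/trusted.pem" \
        -out /dev/null 2>/dev/null
}

# verify_noverify NAME: same signature check, but with -noverify
# (PKCS7_NOVERIFY), so the signer's certificate chain is never checked.
verify_noverify() {
    openssl smime -verify -binary -noverify -inform DER -in "$WORK/$1.p7" \
        -content "$WORK/data.out" -out /dev/null 2>/dev/null
}

printf 'constructed sample payload\n' > "$WORK/data.out"
make_signer trusted       # the one certificate we put in the trusted store
make_signer stranger      # a certificate nobody has chosen to trust
sign_detached trusted
sign_detached stranger

for who in trusted stranger; do
    verify_trusted "$who"  && t=OK || t=FAIL
    verify_noverify "$who" && n=OK || n=FAIL
    echo "$who: with CA store=$t, with -noverify=$n"
done
```

The signature made with the untrusted "stranger" certificate is rejected against the CA store but accepted with -noverify, which is why that flag is only suitable for debugging.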