[openssl.org #96] bug in config script (gcc 3.1)
[[EMAIL PROTECTED] - Thu Jun 13 08:34:54 2002]:
> The "config" script needs to use "gcc -dumpversion"
> instead of "gcc --version" to determine the gcc version.
> gcc-3.1 outputs a bunch of text with "--version", but
> just the number with "-dumpversion", which also works for
> gcc-2.95.

Sounds like a possible solution to the problem of gcc version recognition. The solution being included currently doesn't seem to be sufficient (see thread "Various patches for 0.9.6d and 0.9.7-beta1"; I have added [EMAIL PROTECTED] as another requestor for this ticket). For how long has this flag been supported? I suppose it will work on CYGWIN as well.

Best regards,
Lutz
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
[openssl.org #96] bug in config script
The "config" script needs to use "gcc -dumpversion" instead of "gcc --version" to determine the gcc version. gcc-3.1 outputs a bunch of text with "--version", but just the number with "-dumpversion", which also works for gcc-2.95. Sorry if this is old news, which it may be.

-Allen Hopkins
UC Berkeley
d2i_PKCS7
Hi:

I found there is something wrong in crypto/asn1/asn1_mac.h and crypto/pkcs7/pk7_lib.c.

In crypto/asn1/asn1_mac.h the OLD code is:

#define M_ASN1_D2I_get(b,func) \
    c.q=c.p; \
    if (func(&(b),&c.p,c.slen) == NULL) \
        {c.line=__LINE__; goto err; } \
    c.slen-=(c.p-c.q);

and I changed it to:

#define M_ASN1_D2I_get(b,func) \
    c.q=c.p; \
    if (c.p+c.slen>c.max) \
        {c.line=__LINE__; goto err; } \
    if (func(&(b),&c.p,c.slen) == NULL) \
        {c.line=__LINE__; goto err; } \
    c.slen-=(c.p-c.q);

In crypto/pkcs7/pk7_lib.c:

X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
{
    //gongxy 2000 MODIFY BEGIN
    /*
    if (PKCS7_type_is_signed(p7))
        return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
            si->issuer_and_serial->issuer,
            si->issuer_and_serial->serial));
    else
        return(NULL);
    */
    if (PKCS7_type_is_signed(p7))
        return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
            si->issuer_and_serial->issuer,
            si->issuer_and_serial->serial));
    if (PKCS7_type_is_signedAndEnveloped(p7))
        return(X509_find_by_issuer_and_serial(p7->d.signed_and_enveloped->cert,
            si->issuer_and_serial->issuer,
            si->issuer_and_serial->serial));
    return(NULL);
    //gongxy 2000 MODIFY END
}

Is it OK?
[openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)
As already pointed out in additional emails in openssl-dev:
* the change will stay in place, thus NID_x500UniqueIdentifier will be the macro to use starting with OpenSSL 0.9.7
* I have not activated the "original" meaning of uniqueIdentifier and it will not be done before 0.9.8 in order to prevent silent failure.
* I have added appropriate documentation in CHANGES, NEWS, FAQ.

Best regards,
Lutz
[openssl.org #95] SSL_CTX_set_client_cert_cb error ?
The manual page about SSL_CTX_set_client_cert_cb was simply wrong. What in hell did I smoke when writing it? Or was it simply too late at night??

Anyway, I have just checked in a new version: If a certificate was already set, the client_cert_cb will never be called. Once it is called and returns a certificate, the certificate will be set for this SSL object and the callback will not be called again.

Sorry for any confusion caused.

Best regards,
Lutz
[openssl.org #95] SSL_CTX_set_client_cert_cb error ?
Hello,

the callback I set with SSL_CTX_set_client_cert_cb() is never called, even though SSL_CTX_get_client_cert_cb(), if called afterwards, returns a non-NULL value. I use OpenSSL 0.9.7 beta 1.

Any hints?

Greetings
Erik
draft-ietf-pkix-certstore-http hashes?
I remember mentioning this a while back, but don't think anything ever came from it.

Are there any plans to add convenience functions for the hashes specified in draft-ietf-pkix-certstore-http? (This proposed document provides some implementation details for RFC2585, and basically maps a URL of the form query?attribute=value to a (multipart) MIME response containing the DER-encoded certificate(s) with Content-Type: application/pkix-cert or application/pkix-crl.)

Specifically, the draft RFC borrows from Gutman to require base64-encoded SHA-1 hashes of the subject and issuer X509_NAME fields, the issuer X509_NAME concatenated with the serial number, the entire certificate (the "fingerprint"), and a base64-encoded subject key id. These are identified as sHash, iHash, iAndSHash, (fingerprint?) and sKID, respectively. I think Gutman also mentioned an aKID hash, but it's not mentioned in this document.

I know that something similar is covered by the new OCSP routines, but the OCSP_CERTID doesn't provide all of the hashes or wrap it up into a nice base64-encoded string. Obviously OCSP provides a much cleaner interface, but it requires a larger investment than some CGI-BIN scripts to handle these simple lookups. But this implies that the code will be used by people unfamiliar with the library internals - there needs to either be some convenience functions and/or additional options to openssl x509.

I can provide some simple (and probably horribly coded) code to implement these hashes, if somebody has a suggestion for a good name. Right now I'm using

    int b64_shash (char *, size_t, X509 *);
    int b64_ihash (char *, size_t, X509 *);
    int b64_iandshash (char *, size_t, X509 *);
    int b64_skid (char *, size_t, X509 *);
    int b64_fingerprint (char *, size_t, X509 *);

but I'm not sure that either the prefix or signature would be good long-term choices.

Bear
Re: othername in subjectAltName
Michael Bell wrote:
> Rich Salz wrote:
>
>>> OtherName ::= SEQUENCE {
>>>     type-id    OBJECT IDENTIFIER,
>>>     value      [0] EXPLICIT ANY DEFINED BY type-id }
>>
>> It means that the type-id OID defines the datatype of the value. Think
>> of it as a union.
>
> So the software must know the datatypes of all used OIDs if it wants to
> decode this sequence?

Yes. It can only decode the sequence for OIDs it knows in advance, but this leaves people free to use their own OID with totally arbitrary content.
file attachment and signing.
hi,

I want to send a signed email which has a file attachment. I want to do this in the Perl language. Can anyone help me?

Mehdi Jabalameli
[EMAIL PROTECTED]ce.sharif.edu/~jabalameli
Re: othername in subjectAltName
Rich Salz wrote:
>
> > OtherName ::= SEQUENCE {
> >     type-id    OBJECT IDENTIFIER,
> >     value      [0] EXPLICIT ANY DEFINED BY type-id }
>
> It means that the type-id OID defines the datatype of the value. Think
> of it as a union.

So the software must know the datatypes of all used OIDs if it wants to decode this sequence?

Michael

--
---
Michael Bell                    Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter      Email: [EMAIL PROTECTED]
Humboldt-University of Berlin   Tel.: +49 (0)30-2093 2482
Unter den Linden 6              Fax: +49 (0)30-2093 2959
10099 Berlin, Germany           http://www.openca.org
Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)
> Sorry for not including you in the discussion. I only cared about the
> problem itself, which also pops up in mod_ssl, so I didn't even realize
> that we were talking about your package.
>
> Anyway:
> NID_uniqueIdentifier _may_ be re-enabled at some point in the future
> with its original meaning
> # The following clashes with 2.5.4.45, so commented away
> #pilotAttributeType 44 : uid : uniqueIdentifier

where original meaning == pilotAttributeType

That is fine.

> I would therefore propose to not code dependent on
> #ifdef NID_uniqueIdentifier
> but by OpenSSL version number.

Right, I actually already changed this to be dependent not on the item that is in conflict but based on the item we agree is stable.

> This discussion started 1 week ago with corresponding problems reported
> in the mod_ssl mailing lists. As nobody else spoke up in that regard,
> it is my intention to leave everything as is, make sure that the item
> is pointed out in CHANGES (maybe even NEWS) and declare the problem to
> be "resolved" this way.
> I have not yet decided about pilotAttributeType 44, but will probably leave
> it disabled until the 0.9.8 release of OpenSSL, so that applications not
> conforming to the new naming will not compile instead of silently using
> a wrong interpretation.

I completely agree with this approach. It did not come up for me in the last week because C-Kermit has consistently been kept in sync with the 0.9.7 development builds.

Jeffrey Altman * Sr. Software Designer        Kermit 95 2.0 GUI available now!!!
The Kermit Project @ Columbia University       SSH, Secure Telnet, Secure FTP, HTTP
http://www.kermit-project.org/                 Secured with MIT Kerberos, SRP, and
[EMAIL PROTECTED]                              OpenSSL.
Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)
On Wed, Jun 12, 2002 at 09:22:22AM -0400, Jeffrey Altman wrote:
> Gang. It is a little uncool to be having a long lengthy discussion of
> someone's supported code without involving them in the discussion. As
> it turns out all of the issues that have been addressed in this thread
> related to C-Kermit had already been handled in the C-Kermit Daily
> builds.
>
> http://www.kermit-project.org/ckdaily.html

Sorry for not including you in the discussion. I only cared about the problem itself, which also pops up in mod_ssl, so I didn't even realize that we were talking about your package.

Anyway:
NID_uniqueIdentifier _may_ be re-enabled at some point in the future with its original meaning
    # The following clashes with 2.5.4.45, so commented away
    #pilotAttributeType 44 : uid : uniqueIdentifier
I would therefore propose to not code dependent on
    #ifdef NID_uniqueIdentifier
but by OpenSSL version number.

This discussion started 1 week ago with corresponding problems reported in the mod_ssl mailing lists. As nobody else spoke up in that regard, it is my intention to leave everything as is, make sure that the item is pointed out in CHANGES (maybe even NEWS) and declare the problem to be "resolved" this way.
I have not yet decided about pilotAttributeType 44, but will probably leave it disabled until the 0.9.8 release of OpenSSL, so that applications not conforming to the new naming will not compile instead of silently using a wrong interpretation.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
Re: othername in subjectAltName
> OtherName ::= SEQUENCE {
>     type-id    OBJECT IDENTIFIER,
>     value      [0] EXPLICIT ANY DEFINED BY type-id }

It means that the type-id OID defines the datatype of the value. Think of it as a union.

An alternative scheme would be to make the "value" be OCTET STRING, but then you'd have to buffer and re-decode.

/r$
Re: [openssl.org #94] build Problems
Thanks for the reply, there's a weird line in the math.h file #include "math.h", my c++ is not good, so I don't know what it means. I made a local copy and commented out the line and it built successfully.

Thanks for your reply.

Regards,
Jamie Lipinski

Lutz Jaenicke via RT wrote:
>
> [[EMAIL PROTECTED] - Tue Jun 11 19:53:21 2002]:
> > Hello,
> > I'm getting the following error when I try and build openssh-0.9.6d
> > while running the make command:
> >
> > cc -I.. -I../.. -I../../include -KPIC -DTHREADS -D_REENTRANT
> > -DDSO_DLFCN
> > -DHAVE_DLFCN_H -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend
> > -Xa
> > -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM -c rmd_one.c
> > ar r ../../libcrypto.a rmd_dgst.o rmd_one.o
> > You may get an error following this line. Please ignore.
> > /usr/ccs/bin/ranlib ../../libcrypto.a
> > making all in crypto/des...
> > cc -I.. -I../.. -I../../include -KPIC -DTHREADS -D_REENTRANT
> > -DDSO_DLFCN
> > -DHAVE_DLFCN_H -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend
> > -Xa
> > -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM -c set_key.c
> > "/usr/include/math.h", line 7: cannot open include file (too many open
> > files):
> > "/usr/include/math.h", line 9: cannot open include file (too many open
> > files): "math.h"
>
> I am not sure what is going on, but I would guess, that you have a kind
> of infinite loop. In line 9 of math.h seems to be included from math.h,
> which does not make sense to me.
>
> > Compiler version:
> > odyssey%root%Jamie> cc -V
> > cc: Sun WorkShop 6 update 2 C 5.3 2001/05/15
> > usage: cc [ options] files. Use 'cc -flags' for details
> >
> > O/S Version:
> > SunOS odyssey 5.8 Generic_108528-14 sun4u sparc SUNW,Sun-Blade-1000
> >
> > Any help you can provide is greatly appreciated. I have tried the
> > builds on the beta version and version 0.9.6b, which is what we use.
> > I'm setting up a firewall and trying to get openssl/openssh to work.
>
> You do have the same problems with 0.9.6b and 0.9.7-beta1, don't you.
> For me it seems, that your build system is broken.
>
> Best regards,
> Lutz

--
---
Computing and Information Services Division - Jamie Lipinski
http://cisd.stsci.edu/support
Network Security Manager  410-338-4847  [EMAIL PROTECTED]
[EMAIL PROTECTED]  x4400
Public Key: http://certserver.pgp.com 2048 RSA
CISD: Your partner for computing and information solutions
-
Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)
Gang. It is a little uncool to be having a long lengthy discussion of someone's supported code without involving them in the discussion. As it turns out all of the issues that have been addressed in this thread related to C-Kermit had already been handled in the C-Kermit Daily builds. http://www.kermit-project.org/ckdaily.html > > Also, markus@ created this temp patch: > > +@@ -102,6 +104,13 @@ > > + !ERROR This module requires OpenSSL 0.9.5a or higher > > + #endif /* OPENSSL_VERSION_NUMBER */ > > + #endif /* SSLDLL */ > > ++ > > ++#if OPENSSL_VERSION_NUMBER < 0x00907000L > > ++#else > > ++ #ifndef NID_UniqueIdentifier > > ++ #define NID_uniqueIdentifier NID_x500UniqueIdentifier > > ++ #endif > > ++#endif > > + > > + static int auth_ssl_valid = 0; > > + static char *auth_ssl_name = 0;/* this holds the oneline name */ > > That looks better, but not finally good enough. I think that the correct > solution would be something like: > * Replace all occurences of NID_UniqueIdentifier with > ID_X500UniqueIdentifier. > * Then: > #if OPENSSL_VERSION_NUMBER < 0x00907000L > #define NID_X500UniqueIdentifier NID_UniqueIdentifier > #endif > > Of course, this will still break compatibility with application not > especially prepared. > > Best regards, > Lutz > __ > OpenSSL Project http://www.openssl.org > Development Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP http://www.kermit-project.org/Secured with MIT Kerberos, SRP, and [EMAIL PROTECTED] OpenSSL. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
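Review bot: the guard "#ifndef NID_UniqueIdentifier" in the "++" lines tests a name spelled differently (capital U) from the macro the hunk then defines, "NID_uniqueIdentifier", so it can never detect whether that macro already exists and the "#define" is applied unconditionally on 0.9.7; the "#if OPENSSL_VERSION_NUMBER < 0x00907000L" branch is also empty, with all the logic under "#else". The reply's proposal is the cleaner shape: use the name that is stable from 0.9.7 on (NID_x500UniqueIdentifier, as the ticket resolution spells it) everywhere in the code, and map it back to the old name only when OPENSSL_VERSION_NUMBER < 0x00907000L, so that a build against a newer OpenSSL needs no macro at all.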
[openssl.org #94] build Problems
[[EMAIL PROTECTED] - Tue Jun 11 19:53:21 2002]:
> Hello,
> I'm getting the following error when I try and build openssh-0.9.6d
> while running the make command:
>
> cc -I.. -I../.. -I../../include -KPIC -DTHREADS -D_REENTRANT
> -DDSO_DLFCN
> -DHAVE_DLFCN_H -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend
> -Xa
> -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM -c rmd_one.c
> ar r ../../libcrypto.a rmd_dgst.o rmd_one.o
> You may get an error following this line. Please ignore.
> /usr/ccs/bin/ranlib ../../libcrypto.a
> making all in crypto/des...
> cc -I.. -I../.. -I../../include -KPIC -DTHREADS -D_REENTRANT
> -DDSO_DLFCN
> -DHAVE_DLFCN_H -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend
> -Xa
> -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM -c set_key.c
> "/usr/include/math.h", line 7: cannot open include file (too many open
> files):
> "/usr/include/math.h", line 9: cannot open include file (too many open
> files): "math.h"

I am not sure what is going on, but I would guess that you have a kind of infinite loop. In line 9, math.h seems to be included from math.h, which does not make sense to me.

> Compiler version:
> odyssey%root%Jamie> cc -V
> cc: Sun WorkShop 6 update 2 C 5.3 2001/05/15
> usage: cc [ options] files. Use 'cc -flags' for details
>
> O/S Version:
> SunOS odyssey 5.8 Generic_108528-14 sun4u sparc SUNW,Sun-Blade-1000
>
> Any help you can provide is greatly appreciated. I have tried the
> builds on the beta version and version 0.9.6b, which is what we use.
> I'm setting up a firewall and trying to get openssl/openssh to work.

You do have the same problems with 0.9.6b and 0.9.7-beta1, don't you? For me it seems that your build system is broken.

Best regards,
Lutz
Re: othername in subjectAltName
Hi,

I read RFC 3280 4.2.1.7 again.

OtherName ::= SEQUENCE {
    type-id    OBJECT IDENTIFIER,
    value      [0] EXPLICIT ANY DEFINED BY type-id }

Does "EXPLICIT ANY DEFINED BY type-id" mean that the software (e.g. OpenSSL) must know which ASN1-type the type-id requires? If the answer is yes then we must extend objects.txt and change the perl scripts. It's a lot of work for such a small change.

Michael

--
---
Michael Bell                    Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter      Email: [EMAIL PROTECTED]
Humboldt-University of Berlin   Tel.: +49 (0)30-2093 2482
Unter den Linden 6              Fax: +49 (0)30-2093 2959
10099 Berlin, Germany           http://www.openca.org
Re: othername in subjectAltName
On Wed, Jun 12, 2002 at 09:07:40AM +0200, Michael Bell wrote:
> Vadim Fedukovich wrote:
> >
> > On Tue, Jun 11, 2002 at 01:46:40PM +0200, Michael Bell wrote:
> > > Hi,
> > >
> > > I started a simple implementation of othername only for strings in the
> > > subject alternative name. Actually I have a problem with the resolving
> > > of the ASN1_TYPE.
> > >
> > > OTHERNAME is defined like this in crypto/x509v3/x509v3.h:
> > >
> > > typedef struct otherName_st {
> > >     ASN1_OBJECT *type_id;
> > >     ASN1_TYPE *value;
> > > } OTHERNAME;
> > >
> > > The problem is that I must do a typecast to store a special type in
> > > *value but I must know the type in crypto/asn1/tasn_enc.c where
> > > ASN1_item_ex_i2d must calculate the length of the sequence.
> > >
> > > The code crashes in the loop after /* First work out sequence content
> > > length */ at the second iteration in the line
> > >
> > > seqcontlen += ASN1_template_i2d(pseqval, NULL, seqtt);
> > >
> > > Is there a trick to get the type from the structure or must I change
> > > x509v3.h (ASN1_TYPE --> ASN1_CHOICE) and define the supported
> > > ASN1-types?
> >
> > "Policy" certificate extension generator may be an example to do this.
> > Naina package: http://www.unity.net/~vf/naina_r1.tgz
>
> Not really. The problem is that value can be every (!!!) ASN1_TYPE. So
> is there a difference in the resulting ASN1 if I use an ASN1_CHOICE to
> build the structure?

ASN1_TYPE could be handy for two-pass encoding while ASN1_CHOICE will do it at once. Any type could be encoded at the 1st step.

> typedef struct otherName_st {
>     ASN1_OBJECT *type_id;
>     ASN1_CHOICE *value;
> }
>
> ASN1_CHOICE(OTHERNAME) = {
> ...
> } ASN1_CHOICE_END(OTHERNAME)
>
> (including new unions etc.)
>
> Is this compatible with ASN1_TYPE *value?

I don't know the object-based choice technique and would also like to learn it. It may be useful for parsing pkcs7 signed parts of SET messages.

Vadim
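Two points from this archive meet in the following added example, which is not code from OpenSSL or from any of the posters: the asn1_mac.h change in the d2i_PKCS7 post (check the declared length against the end of the buffer before a sub-decoder is run) and the OtherName discussion above (a value that is ANY DEFINED BY type-id can only be decoded for OIDs the software knows in advance). It is a minimal DER reader in C that refuses any tag/length header whose declared length would run past the buffer, plus an OtherName decoder on top of it that looks the type-id up in a constructed table and rejects unknown OIDs or a value of the wrong type. The table, the sample bytes and the function names are assumptions; the one OID in the table is the real Microsoft UPN OID.

```c
#include <stddef.h>
#include <string.h>

/* Read one DER tag/length header at p without touching bytes past max. Returns
 * the content pointer and length, or NULL when the header or the declared length
 * would run past max: the "c.p + c.slen > c.max" guard, applied before decoding. */
static const unsigned char *der_tlv(const unsigned char *p, const unsigned char *max,
                                    unsigned char *tag, size_t *len)
{
    size_t n, nbytes, i;
    if (p == NULL || max < p || (size_t)(max - p) < 2) return NULL;
    *tag = p[0];
    n = p[1];
    p += 2;
    if (n & 0x80) {                 /* long form: the low 7 bits count length bytes */
        nbytes = n & 0x7f;
        if (nbytes == 0 || nbytes > sizeof(size_t) || (size_t)(max - p) < nbytes) return NULL;
        for (n = 0, i = 0; i < nbytes; i++) n = (n << 8) | p[i];
        p += nbytes;
    }
    if ((size_t)(max - p) < n) return NULL;   /* declared length exceeds the buffer */
    *len = n;
    return p;
}
/* Constructed table of type-ids this decoder knows. "ANY DEFINED BY type-id"
 * means a value is decodable only for OIDs known in advance; the single entry
 * is 1.3.6.1.4.1.311.20.2.3 (Microsoft UPN), whose value is a UTF8String (0x0c). */
static const unsigned char OID_UPN[] = {0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03};
static const struct { const unsigned char *oid; size_t oidlen; unsigned char value_tag; }
    KNOWN[] = { { OID_UPN, sizeof(OID_UPN), 0x0c } };

/* OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id }
 * Returns 1 on success (val/vallen, if non-NULL, receive the value content), 0 for malformed
 * or truncated DER, -1 for an unknown type-id or a value whose tag is not the table's. */
int decode_othername(const unsigned char *buf, size_t buflen,
                     const unsigned char **val, size_t *vallen)
{
    const unsigned char *end, *seq, *oid, *ctx, *v;
    unsigned char tag, vtag;
    size_t len, oidlen, ctxlen, vlen, k;
    seq = der_tlv(buf, buf + buflen, &tag, &len);
    if (seq == NULL || tag != 0x30) return 0;
    end = seq + len;                /* every nested read is bounded by the SEQUENCE */
    oid = der_tlv(seq, end, &tag, &oidlen);
    if (oid == NULL || tag != 0x06) return 0;
    ctx = der_tlv(oid + oidlen, end, &tag, &ctxlen);
    if (ctx == NULL || tag != 0xa0 || ctx + ctxlen != end) return 0;   /* [0] EXPLICIT */
    v = der_tlv(ctx, ctx + ctxlen, &vtag, &vlen);
    if (v == NULL || v + vlen != ctx + ctxlen) return 0;
    for (k = 0; k < sizeof(KNOWN) / sizeof(KNOWN[0]); k++) {
        if (oidlen != KNOWN[k].oidlen || memcmp(oid, KNOWN[k].oid, oidlen) != 0) continue;
        if (vtag != KNOWN[k].value_tag) return -1;
        if (val) *val = v;
        if (vallen) *vallen = vlen;
        return 1;
    }
    return -1;
}
/* Constructed samples: a UPN OtherName carrying UTF8String "bob", and the same
 * bytes with the inner length raised to 9 so the value overruns its [0] wrapper. */
const unsigned char OTHERNAME_OK[] = {0x30,0x13, 0x06,0x0a, 0x2b,0x06,0x01,0x04,0x01,
    0x82,0x37,0x14,0x02,0x03, 0xa0,0x05, 0x0c,0x03,'b','o','b'};
const unsigned char OTHERNAME_OVERRUN[] = {0x30,0x13, 0x06,0x0a, 0x2b,0x06,0x01,0x04,0x01,
    0x82,0x37,0x14,0x02,0x03, 0xa0,0x05, 0x0c,0x09,'b','o','b'};
```

Passing a buflen shorter than the outer SEQUENCE claims (for example 18 for OTHERNAME_OK) is rejected at the first header, before any inner field is looked at.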