[openssl-users] PKCS7_verify() <- list of used/unused certificates?

2015-11-01 Thread Michael Heide
Hi, with PKCS7_verify() you can provide a list of certificates which OpenSSL can use to build and verify the chain. Either within the PKCS7 *p7 or with STACK_OF(X509) *certs. Is there some way to figure out which certificates in p7/certs are used (or not used) to verify the chain? Regards Mi

Re: [openssl-users] PKCS7->signerInfo->encryptedDigest not type X509_SIG

2015-09-20 Thread Michael Heide
On Sat, 19 Sep 2015 23:09:16 +0200, Jakob Bohm wrote:
> 1. The error should not call this "plain", this would lead
> to the same misunderstanding I had earlier.

Right. I'm not an advanced English speaker, I shouldn't name it at all. ;-) Btw. In the meantime I think my last suggestion for a

Re: [openssl-users] PKCS7->signerInfo->encryptedDigest not type X509_SIG

2015-09-19 Thread Michael Heide
On Wed, 16 Sep 2015 08:55:51 +0200, Michael Heide wrote:
> My question now is: how to (properly) handle it?

Maybe a more sensible way to handle those signatures with OpenSSL is to still not allow such things but instead return an error indicating success if it /would/ be allowed to do it t

Re: [openssl-users] PKCS7->signerInfo->encryptedDigest not type X509_SIG

2015-09-15 Thread Michael Heide
On Tue, 15 Sep 2015 23:18:02 +0200, Jakob Bohm wrote:
> Where is *1 ?

Sorry, never mind. I screwed it up...

> Of course, this error is really at the PKCS#1 level, even
> though the PKCS#7 standard formally repeats that particular
> part of PKCS#7 due to ISO/OSI/ITU fun with BIT STRING vs.
> OCT

Re: [openssl-users] PKCS7->signerInfo->encryptedDigest not type X509_SIG

2015-09-14 Thread Michael Heide
On Mon, 14 Sep 2015 21:01:49 +0200, Jakob Bohm wrote:
> > Seems to be a file with the same criteria here.
> That one is a big surprise to me.

Thanks. (if it's a surprise to you, then it's ok to be a surprise for me too. ;-) )

> It seems that as late as in August 17 2015 (4 weeks ago),
> Syma

Re: [openssl-users] PKCS7->signerInfo->encryptedDigest not type X509_SIG

2015-09-14 Thread Michael Heide
On Mon, 14 Sep 2015 16:39:15 +0200, Jakob Bohm wrote:
> Where can I see the actual file (Not the virustotal
> description of the signature), I would need to look
> at the actual details to make sense of this.

I think you have to use some kind of a subscription and use their APIs to access thei

Re: [openssl-users] PKCS7->signerInfo->encryptedDigest not type X509_SIG

2015-09-11 Thread Michael Heide
On Fri, 11 Sep 2015 15:07:20 +0200, Jakob Bohm wrote:
> 2.3.1 RFC2985 form Timestamp countersignature Attribute

This one.

> I have not encountered this before, which signing authority,
> AlgorithmIdentifier and year (first digits of timestamp) did
> you see this with?

Various intermediate ce

[openssl-users] PKCS7->signerInfo->encryptedDigest not type X509_SIG

2015-09-11 Thread Michael Heide
Hi, I'm using OpenSSL to verify a (proprietary?) timestamp in Microsoft Authenticode via PKCS7_verify() (in pk7_smime.c). Those Timestamps are inside a PKCS7 SignerInfo Structure (OpenSSL type PKCS7_SIGNER_INFO). I put those inside a PKCS7 to be able to use PKCS7_verify(). Most of them are ver