Re: PKCS#7 extract and verify certificate?

2010-03-01 Thread Steffen DETTMER
* Eisenacher, Patrick wrote on Tue, Feb 23, 2010 at 12:30 +0100: [...] > "The selection of a trust anchor is a matter of policy: it > could be the top CA in a hierarchical PKI, the CA that > issued the verifier's own certificate(s), or any other CA in > a network PKI." > > And no, I don

Re: PKCS#7 extract and verify certificate?

2010-02-23 Thread Dr. Stephen Henson
On Mon, Feb 22, 2010, Eisenacher, Patrick wrote: > > Unfortunately, the perceived verification algorithm is a limitation in > openssl, which always wants to do path validation up to a self signed cert, > even if no revocation checking is requested. And no, there's no way to > modify its verificat

RE: PKCS#7 extract and verify certificate?

2010-02-23 Thread Eisenacher, Patrick
Hi Patrick, sorry for the bad line-breaking, but I'm stuck here with a poor msa. > -Original Message- > From: Patrick Patterson > > On February 22, 2010 09:18:25 am Eisenacher, Patrick wrote: > > > -Original Message- > > > From: Patrick Patterson > > > > > > On 12/02/10 8:51 AM, s

Re: PKCS#7 extract and verify certificate?

2010-02-23 Thread Patrick Patterson
On February 22, 2010 09:18:25 am Eisenacher, Patrick wrote: > > -Original Message- > > From: Patrick Patterson > > > > On 12/02/10 8:51 AM, skillz...@gmail.com wrote: > > > Is there a way (via the API rather than the tool) to tell > > > > OpenSSL that > > > > > the sub-CA certificate is tru

RE: PKCS#7 extract and verify certificate?

2010-02-22 Thread Eisenacher, Patrick
> -Original Message- > From: Patrick Patterson > > On 12/02/10 8:51 AM, skillz...@gmail.com wrote: > > Is there a way (via the API rather than the tool) to tell > OpenSSL that > > the sub-CA certificate is trusted and it doesn't need to > walk further > > up the chain? For my case, I embed

Re: PKCS#7 extract and verify certificate?

2010-02-12 Thread Patrick Patterson
On 12/02/10 8:51 AM, skillz...@gmail.com wrote: > Is there a way (via the API rather than the tool) to tell OpenSSL that > the sub-CA certificate is trusted and it doesn't need to walk further > up the chain? For my case, I embed the sub-CA certificate in my code > and I'm space constrained so I'd

Re: PKCS#7 extract and verify certificate?

2010-02-12 Thread skillzero
On Thu, Feb 11, 2010 at 1:31 PM, wrote: > I have a DER-encoded PKCS#7 file that I'd like to extract the > certificate from, verify that certificate against a specific sub-CA > certificate, then use the certificate's public key to verify a > signature. > > I looked at the code for the pkcs7 tool a

PKCS#7 extract and verify certificate?

2010-02-11 Thread skillzero
I have a DER-encoded PKCS#7 file that I'd like to extract the certificate from, verify that certificate against a specific sub-CA certificate, then use the certificate's public key to verify a signature. I looked at the code for the pkcs7 tool and it looks directly inside the PKCS7 object to check