Nelson B wrote: > > Jim, > > I think that any details of CMS internals are off-topic here. > I'd guess that your conjecture about that data being a flattened > Java object is probably right, given that CMS is written in Java. > If you're a CMS licensee, then there should be official support > channels available to you. > > However, I'm curious. When you last wrote, a few months ago, you > were having issues with the order of certs in a PKCS7 message. > (or so we conjectured. IIRC, you didn't make any examples public, > and so we could only speculate about the real problem). > Are you now trying to use CMS to work around that issue? > If so, it's probably a lot easier to just reissue the original CA's > PKCS7 messages with the certs reordered. You might even be able to > do that with cmsutil (not sure). > > -- > Nelson B
Nelson, Thanks for responding, and "good memory" :). I have confirmed that the data is a serialized Java stream, and I did finally get some contact from "official channels". It turns out that there was some code in the CMS distribution (part of the upgrade tools) that was helpful. Basically, I think that what I needed were some of the classes that were serialized, so that I could cast them after bringing them back into Java. Got that working this week. BTW, re. "off-topic", I noticed that some of that code mentioned above used some of the NSS (and JSS) stuff. Since that's the case, wouldn't this discussion be "at least a little" on-topic? The reason that I'm asking is that I had a really hard time finding any information about CMS, and it's (the product) seemed to have bounced from Netscape, to AOL/Netscape, to Sun, and now to "I don't know who", and it seems like this is one of the few places that might have people who are familiar with it. As for your question/comment re. the previous situation with the CA certs, no, this latest question was for a new project. On that previous one, I did try to convince the CA that they had a problem, but I don't think they ever believed me. I posted about this awhile ago, because after that, I ran across a user who also had the problem show up, where they just "clicked through" the warning about the cert not being trusted (because the trust purposes on the CA cert weren't set). Anyway, you (and everyone else here) have a good weekend and holiday!! Jim _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
