"Wong, RYM (Richard)" wrote:
>
> Hi Massimiliano,
Hi,
> Thanks for your email message.
>
> I have three more questions about the software package
> "OpenCA-0.8.0-20010630".
>
> 1). I would like to know which file contains the initialization of the two
> variables 'SIGNER_SERIAL' and 'SIGNER_DN' that are used in the file
> 'cgi-bin/cmds/confirmReq'.
>
> "$item->getParsed()->{HEADER}->{OPERATOR} = $ENV{'SIGNER_SERIAL'};"
> "$item->getParsed()->{HEADER}->{OPERATOR_dn} = $ENV{'SIGNER_DN'};"
The script is the "appReq" on the RAServer.
> 2). On the 'CA operator' web page. If I follow the hyperlinks 'Archivied
> Requests ------> Serial No.' to display the information of user
> certification, the value of the field 'extensions' is empty. I expect to get
> 'user certification' appearing on the screen.
I am not sure I got your point; anyway, the archived requests are requests already
processed by the CA (the CA has issued the corresponding certificate).
> 3). In the file 'cgi-bin/lib/crypto-utils.lib' the line:
>
> "$sigCert = new OpenCA::X509 ( SHELL => $cryptoShell, DATA =>
> $sig->getSigner()->{CERTIFICATE});"
>
> I think $sigCert contains the certificate of RA operator and not the
> signer's certificate. Am I right or not?
Well, this function simply extracts the certificate of the signer of
the signature ($sig) and instantiates an X509 object. Usually in a PKCS#7
structure the signer's certificate is included. We extract it from the
structure and verify the DN to be the same as the DN of the certificate
present in the DB.
Deeper verification should be supported in the verification process...
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
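
Added example, not part of the original message and not OpenCA code: a sketch of the DN comparison described in the reply next to a stricter check that pins the certificate embedded in the PKCS#7 structure to the exact certificate stored in the DB. The `Cert` class, the `DB` dictionary, the function names and all values are constructed for illustration, and the signature itself is assumed to have already been verified against the embedded certificate.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Simplified stand-in for a parsed X.509 certificate (constructed data)."""
    serial: str
    subject_dn: str
    der: bytes  # full DER encoding; placeholder bytes in this example


# Hypothetical DB of certificates issued by the CA, keyed by serial number.
DB = {
    "0A": Cert("0A", "CN=RA Operator 1,O=Example,C=IT", b"constructed-der-issued-by-ca"),
}


def dn_only_check(embedded: Cert, db: dict) -> bool:
    """Check as described in the reply: embedded DN equals the DN of the DB certificate."""
    stored = db.get(embedded.serial)
    return stored is not None and stored.subject_dn == embedded.subject_dn


def pinned_check(embedded: Cert, db: dict) -> bool:
    """Stricter check: embedded certificate must be byte-identical to the DB certificate."""
    stored = db.get(embedded.serial)
    if stored is None:
        return False
    # Compare SHA-256 digests of the full encodings, not individual fields.
    return hmac.compare_digest(
        hashlib.sha256(stored.der).digest(),
        hashlib.sha256(embedded.der).digest(),
    )


# The certificate the CA really issued to the operator.
genuine = DB["0A"]
# Same serial and DN, but different key pair and issuer, hence different DER bytes.
# The serial and subject are only fields inside the certificate the signer supplies.
lookalike = Cert("0A", "CN=RA Operator 1,O=Example,C=IT", b"constructed-der-other-issuer")
# A certificate whose serial is not in the DB at all.
unknown = Cert("FF", "CN=RA Operator 1,O=Example,C=IT", b"constructed-der-unknown")

if __name__ == "__main__":
    for name, cert in (("genuine", genuine), ("lookalike", lookalike), ("unknown", unknown)):
        print(f"{name:10} dn_only={dn_only_check(cert, DB)} pinned={pinned_check(cert, DB)}")
```
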