alexandru matei wrote:
>
> For now, I managed to make openca-verify work on both Netscape and IE
> signing (in .../pub/testcertificate). It seems that from signed text
> (IE) it chocked on "signed time". Since openca-verify is needed (i
> assume that the behaviour didn't change lately) for verifying
> signatures, for working with IE i attach the modified lines in verify.c
> The modification is that openca-verify don't check the signed time. (is
> this mandatory???)
Well, it is not as the time stated within the signature is generated on
the client and it can not be trusted...
> Perhaps Massimiliano can help us trough, if the signed time is needed.
Actually this could be stripped off... we could add a parameter where,
if used, the time is no more checked (or if used the time is checked) like
-notime ( or -checktime in the latter case).
> Alex
>
> //- from Alex - do we really need the time in signing???
> // if ((tm=get_signed_time(si)) != NULL) {
> // BIO_printf(bio_out," Signed time:
> ");
> // ASN1_UTCTIME_print(bio_out,tm);
> // ASN1_UTCTIME_free(tm);
> // BIO_printf(bio_out,"\n");
> // }
Your modify is simply to comment the code here quoted ?
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] madwolf at cpan.org
madwolf at openca.org
http://www.openca.org madwolf at hackmasters.net
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
