nagendra <[EMAIL PROTECTED]> writes:
>I've appended the PKCS#7 request generated by IIS to the end of this email.
>IIS creates the header "BEGIN NEW CERTIFICATE REQUEST", which is interpreted
>as an old X509 request (see pem.h).
Ohgodohgod what a mess! That's PKCS #7 signed data containing a data payload
within which is a cert request with MS's gratuitously-incompatible CRMF
extensions which aren't CRMF extensions, one of which is a certificate which is
used to sign the PKCS #7 data.
I think non-MS applications should contain code to specifically reject this
type of stuff on the grounds that working with it probably violates portions of
the Geneva convention.
Peter.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
