On Fri, Mar 05, 2010, Bolet, Martin wrote: > > Hello, > > I hope this is the right place to ask this question: We were having trouble > with a CMS signature and we finally located the problem. The underlying > implementation interpreted the canonical DER encoding for SET-OF different > from the implementation that we were using. >
Just an initial comment here. I've seen all sorts of SET OF orderings some of which are definitely wrong. In the case of a PKCS#7 or CMS Signature (signed attributes I presume) OpenSSL doesn't reorder and performs the signature check on the received encoding. I'd be interested to know if OpenSSL can verify the two signatures correctly. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
