Bruce Stephens wrote:
>
> "Andrew Back" <[EMAIL PROTECTED]> writes:
>
> > Has anyone used OpenSSL S/MIME module with UNIX MUAs? In particular Id be
> > interested in config for use with Pine & Mutt. Im hoping theres some glue
> > that makes things a bit more automatic than using OpenSSL command line.
>
> The bleeding-edge CVS version of Gnus (an emacs newsreader/MUA) has at
> least some support for it.
>
> Come to think of it, there was a problem found while adding the
> support: when verifying signed email, there doesn't seem to be an easy
> way of determining whether the email address matches what's in the
> certificate. Is that right, or did the guy miss some good way of
> doing this?
>
> [...]
>
There's a function X509_get1_email() which will retrieve a list of email
addresses both from the subject name and subjectAltName extensions and
arrange them in a STACK. From then its trivial to just compare each or
use sk_find().
Currently there aren't any functions that handle things like different
signing and encryption certificates or encryption capabilities. That has
to be largely done manually.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]