Hi,
Thanks for your answer.
You are right. The certificate that I've used isn't certified for email. It's
Verisign Netscape Object Signing* Digital ID.
I need to verify a signed file, not an email.
Should I use X509_PURPOSE_SMIME_SIGN or another one?
What is the purpose of checking the purpose? What could the problem be if I'd use
X509_PURPOSE_ANY?
Here is a signed message example:
Thanks!!
Gisela
----------------------------------
Gisela Acosta
Gerencia de Desarrollo de Sistemas
Red Link S.A.
Tel: (5411)4317-1400 INT 1516
http://www.redlink.com.ar
----------------------------------
Dr S N Henson <[EMAIL PROTECTED]> on 16/08/2001 10:58:06
Please respond to [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc: (bcc: Gisela Acosta/Red Link S.A.)
Subject: Re: verifying certificate
Gisela Acosta wrote:
>
> Hi,
> I've signed my message with a Netscape certificate. When I try to verify it, the
> following error occurs:
> 26: unsupported certificate purpose
> I set the ctx structure with X509_PURPOSE_SMIME_SIGN, like it's in verify.c.
> I tried setting the structure with X509_PURPOSE_ANY, and it seems to work fine,
> but I don't know if it's correct to do this.
>
> If I use crypto/pkcs7/server.pem I don't have that problem ... but I need to use
> the other certificate! :-)
>
> Has anybody any idea what is happening?
>
It's rejecting your certificate because it doesn't like something about
it, such as it isn't certified for email or one of the CA certificates
is invalid.
Without seeing the certificate chain it's rejecting I can't be more
specific. Could you post a signed message example that does this?
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]