Hi Stephen. Thank you for your help! Finally, I think I got it!
I could get all the signer certificates using the (undocumented) function PKCS7_cert_from_signer_info. My algorithm is the following: 1) Get all the PKCS7_SIGNER_INFO with PKCS7_get_signer_info 2) Loop through the PKCS7_SIGNER_INFO got at the point 1 3) Get the signer certificate with PKCS7_cert_from_signer_info 4) Get all the counter signatures of the current signer info 5) for every counter signature (type PKCS7_SIGNER_INFO), jump recursively at the step 3. Do you think this is the right way to proceed? Thank you in advance, Massimiliano Ziccardi On Fri, May 30, 2008 at 12:19 PM, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > On Fri, May 30, 2008, Massimiliano Ziccardi wrote: > > > Hi all. > > The attached file is the PEM encoding of a file structured this way: > > > > SIGNATURE 1 > > COUNTER SIGNATURE 1 of SIGNATURE 1 > > COUNTER SIGNATURE 1 of COUNTER SIGNATURE 1 of SIGNATURE 1 > > > > each signer has a different signature certificate (3 certificate total). > > > > Why the > > STACK_OF(X509) *pSigners = PKCS7_get0_signers(m_pP7, NULL, 0); > > > > retruns only 1 certificate? > > > > OpenSSL doesn't have automatic support for counter signatures. It only > returns > the signer for SIGNATURE 1 in your example. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] >