On Thu, Jul 09, 2009, tlhackque wrote: > > openssl smime -verify doesn't validate that the From field's email address > matches the email address in the signer's certificate. > > It should. In fact, per RFC 2312 section 3.1, it MUST: "Receiving agents > MUST check that the address in the From header of a mail message matches an > Internet mail address in the signer's certificate. " >
The "smime" utility is a useful tool for manipulating S/MIME and PKCS#7 structures. It is *not* a mail client. If scripts or applications use it that way they are at fault. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
