On 07.07.2012 23:27, Dr. Stephen Henson wrote:
> I added an option -force_pubkey to the OpenSSL 'x509' utility
> to do this. It is only in HEAD at present.

Hi Steve,

that's excellent! If I am not mistaken, this is exactly what one would
also need in order to use the pubkey in individually trusted
S/MIME-Certs when the issuing CA is categorically untrusted. One could
simply create a cert for local use in encryption/signature-validation
from one's own trusty CA.

Are there any plans to include your patch in vanilla openssl anytime soon?


OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to