On 07.07.2012 23:27, Dr. Stephen Henson wrote: > > I added an option -force_pubkey to the OpenSSL 'x509' utility > to do this. It is only in HEAD at present.
Hi Steve, that's excellent! If I am not mistaken, this is exactly what one would also need in order to use the pubkey in individually trusted S/MIME-Certs when the issuing CA is categorically untrusted. One could simply create a cert for local use in encryption/signature-validation from one's own trusty CA. Are there any plans to include your patch in vanilla openssl anytime soon? Thanks, Mike ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org