You are right, that the toplevel API doesn't have take a digest parameter. The only kind of signature you get is the "default" where default is defined per-key-type.
We should probably have PKCS7_sign_ex() that took a "const EVP_MD*" parameter. It'd be trivial to do this. Same for CMS_sign. Please open a ticket. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
