Re: verify certificate - not from a file

2008-11-23 Thread ThanhTrung Do
 From: Itay Dagan [EMAIL PROTECTED]
 Subject: verify certificate - not from a file
 To: openssl-dev@openssl.org
 Date: Monday, November 24, 2008, 12:37 AM
 Hi Guys 
 
 I am new to openssl - so hopefully I am not bringing up an
 old issue:
 
 I am trying to verify a certificate that I am saving as
 a string in a random place in my PC memory.
 
 I know that there is
 SSL_CTX_load_verify_locations(), which verifies a
 certificate from a file or a path.
 
 My Q is:
 Does openssl support taking a certificate not from a file or
 path but from a place in memory?
 meaning - a function that gets a char*, reads the
 certificate from that location and verifies it.
  
 
 appreciate your help :)

I have the same need too; I'd highly appreciate your help.


  
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]


OpenSSL 0.9.8i breaks SMIME sign/verify ??

2008-11-21 Thread ThanhTrung Do
Hi folks,

I've been using OpenSSL 0.9.8h, I use it for SMIME sign/verify. I've just 
upgraded to OpenSSL 0.9.8i and my code doesn't work anymore.

The error is: [error:21075081:PKCS7 routines:PKCS7_verify:smime text error]

After spending some time investigating, I see the only diff is that the 
SMIME_text function (crypto/asn1/asn_mime.c) in 0.9.8i had a check added 
for the len variable:

if (len < 0)
    return 0;

I don't know why we need this check. But my code works on 0.9.8h (the one 
without the check). Could someone give me a hint?

Here is the code for signing:

...
flags = PKCS7_DETACHED;
flags |= PKCS7_STREAM;
flags |= PKCS7_NOCERTS;
flags |= PKCS7_TEXT;
p7 = PKCS7_sign(pCert, pPrivKey, NULL, in, flags);
if (!p7) {
    ret = ERROR_INVALID;
    goto done;
}
SMIME_write_PKCS7(out, p7, in, flags);



And here the code for verifying:

...
flags = PKCS7_NOVERIFY;
flags |= PKCS7_TEXT;
p7 = SMIME_read_PKCS7(in, &indata);
if (!p7) {
    ret = ERROR_INVALID;
    goto done;
}
certs = sk_X509_new_null();
sk_X509_push(certs, pCert);
if (PKCS7_verify(p7, certs, NULL, indata, out, flags)) {
...


Thanks!


  