openssl smime and certificates chains in signatures?
My understanding is that usually there's a complete certificates chain in a smime signature. Is there a way to extract _all_ the certificates in the chain using openssl command? openssl pkcs7 -print_certs seems to extract only the signer's certificate and not any of the intermediate or CA certificates. Cheers! Dima __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Example of OpenSSL Multithreading
On Mon, 27 Aug 2001 14:50:39 -0400, you wrote:
unsigned long SSL_pthreads_thread_id(void) {
unsigned long ret;
ret=(unsigned long)pthread_self();
return(ret);
}
The return type of pthread_self(), pthread_t, is not necessary a type
castable to unsigned long, which makes this piece somewhat non-portable.
Unfortunately, the function signature requires it:
void CRYPTO_set_id_callback(unsigned long (*id_function)(void));
Yes, this is a pain. On those places where pthread_t is a scalar type,
it will work; on places where it's a struct, it will probably fail to
compile. You can work around that by doing
pthread_t me = pthread_self()
unsigned long ret;
memcpy(ret, me, sizeof ret)
return ret
But that's probably getting valid, but wrong and buggy :), code.
Very, very buggy ;-) - nobody says that first sizeof ret bytes of me
aren't anything but some flags that are pretty much the same for all
pthread_t values.
The attached code compiles, and should work portably. Something like it
should be used as a replacement for pthreads_thread_id that is currently
in crypto/threads/th-lock.c and for the code snippet above.
Another variant could be
unsigned long SSL_pthreads_thread_id(void)
{
/*** if (tid == 0) this check was a bad idea, for further
discussion of weak memory models and
aggressive optimization techniques you are
welcome to comp.programming.threads ***/
/*** anyway, pthread_once is not too good either - something
like a C++ constructor on a global static variable would be
much better ***/
pthread_once(tid_once, init_openssl_tid);
/* this is not 100% kosher, but still ... */
return (unsigned long) pthread_getspecific(tid_key);
}
This all is sort of anal retentive, but hey - that's what the craft is
all about :-)
/r$
Dima
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Example of OpenSSL Multithreading
On Tue, 28 Aug 2001 12:13:40 -0400, you wrote: /*** anyway, pthread_once is not too good either - something like a C++ constructor on a global static variable would be much better ***/ pthread_once(tid_once, init_openssl_tid); That's not portable -- go look at the netscape/mozilla guidelines. Particularly if you'ure putting openssl in a shared library. And requiring C++ for threads to work seems like a very bad thing. Too bad there's no standard on what dlopen() should do with constructors sections. But we can always ./configure anything we want, can't we? Oh well... /* this is not 100% kosher, but still ... */ return (unsigned long) pthread_getspecific(tid_key); C'mon. You can't complain about pthread_t/ulong and not feel bad trying to do void*/ulong. Believe me, I do feel bad about it :-) At least, most compilers won't choke on it even if pthread_t is not scalar. Well, scrap it anyway. At the cost of one ulong-sized indirect memory fetch, the code I wrote is completely correct and portable. Absolutely. /r$ Cheers! Dima __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
