Re: PKCS#7 extract and verify certificate?

2010-03-01 Thread Steffen DETTMER
* Eisenacher, Patrick wrote on Tue, Feb 23, 2010 at 12:30 +0100: [...] The selection of a trust anchor is a matter of policy: it could be the top CA in a hierarchical PKI, the CA that issued the verifier's own certificate(s), or any other CA in a network PKI. And no, I don't need

Re: PKCS#7 extract and verify certificate?

2010-02-23 Thread Patrick Patterson
On February 22, 2010 09:18:25 am Eisenacher, Patrick wrote: -Original Message- From: Patrick Patterson On 12/02/10 8:51 AM, skillz...@gmail.com wrote: Is there a way (via the API rather than the tool) to tell OpenSSL that the sub-CA certificate is trusted and it doesn't

RE: PKCS#7 extract and verify certificate?

2010-02-23 Thread Eisenacher, Patrick
Hi Patrick, sorry for the bad line-breaking, but I'm stuck here with a poor msa. -Original Message- From: Patrick Patterson On February 22, 2010 09:18:25 am Eisenacher, Patrick wrote: -Original Message- From: Patrick Patterson On 12/02/10 8:51 AM,

Re: PKCS#7 extract and verify certificate?

2010-02-23 Thread Dr. Stephen Henson
On Mon, Feb 22, 2010, Eisenacher, Patrick wrote: Unfortunately, the perceived verification algorithm is a limitation in openssl, which always wants to do path validation up to a self signed cert, even if no revocation checking is requested. And no, there's no way to modify its verification

RE: PKCS#7 extract and verify certificate?

2010-02-22 Thread Eisenacher, Patrick
-Original Message- From: Patrick Patterson On 12/02/10 8:51 AM, skillz...@gmail.com wrote: Is there a way (via the API rather than the tool) to tell OpenSSL that the sub-CA certificate is trusted and it doesn't need to walk further up the chain? For my case, I embed the sub-CA

Re: PKCS#7 extract and verify certificate?

2010-02-12 Thread skillzero
On Thu, Feb 11, 2010 at 1:31 PM, skillz...@gmail.com wrote: I have a DER-encoded PKCS#7 file that I'd like to extract the certificate from, verify that certificate against a specific sub-CA certificate, then use the certificate's public key to verify a signature. I looked at the code for

Re: PKCS#7 extract and verify certificate?

2010-02-12 Thread Patrick Patterson
On 12/02/10 8:51 AM, skillz...@gmail.com wrote: Is there a way (via the API rather than the tool) to tell OpenSSL that the sub-CA certificate is trusted and it doesn't need to walk further up the chain? For my case, I embed the sub-CA certificate in my code and I'm space constrained so I'd

PKCS#7 extract and verify certificate?

2010-02-11 Thread skillzero
I have a DER-encoded PKCS#7 file that I'd like to extract the certificate from, verify that certificate against a specific sub-CA certificate, then use the certificate's public key to verify a signature. I looked at the code for the pkcs7 tool and it looks directly inside the PKCS7 object to