Marco Russo wrote:
>
> Hi all.
> I' m looking at the PKCS7_sign function:
>
> ....
> if(!(flags & PKCS7_NOCERTS)) {
> PKCS7_add_certificate(p7, signcert);
> if(certs) for(i = 0; i < sk_X509_num(certs); i++)
> PKCS7_add_certificate(p7, sk_X509_value(certs, i));
> }
> ....
>
> Why can't I include additional certificates in the p7 struct without
> include signer certificate too?
> I think it should be a legal p7 structure. Or not?
>
PKCS7_sign() is a high level interface to the underlying functions. As
such is just does the more common things. You can use the lower level
stuff if you want finer control.
In this case however you can call PKCS7_add_certificate() yourself on
the PKCS7 structure returned by PKCS7_sign().
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
