"Hellan,Kim KHE" wrote:
>
> However, I had hoped that this functionality (verify/getText) could be
> separated. I am fully aware that in a "real" system it doesn't make sense to
> extract the text without doing a verify.
> But in a test environment, it would be nice to be able to extract the text
> from any PKCS#7 structure without having to worry about loading the right CA
> certificates.
> I don't know much about PKCS#7, so maybe this idea doesn't make sense at
> all..:-)
>
Well you can do this using PKCS7_verify() and passing the appropriate
flags. If you set the PKCS7_NOVERIFY flag it wont verify the
certificates if you set PKCS7_NOSIGS then it wont verify the signatures.
Set both and it should do what you want.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
