Hi, all,

It seems to me that for SMIME signature verification, ALL CA certificates 
(including root and intermediate CAs) have to be included in the CA file 
specified in the -CAfile option. I don't really understand why this should be 
enforced. In earlier versions of OpenSSL there was an option -NOCHAIN for 
verification, but it seems to me that it has been removed in OpenSSL 0.9.6a. 
Does anybody know the reason?

If the intermediate CA certificates are included in the signature, why do I 
have to put the intermediate CA certs in the CA file again? Is there a 
workaround for this?

During the signature verification process, I also want to check that the signer 
cert included in the signature matches a cert installed in my system. Does 
anyone know what the best way to do this is? Is specifying -nointern and 
-certfile as follows the proper way to do this?

openssl smime -verify -nointern -certfile usercert.pem -CAfile cafile.pem -in signature

Thanks in advance for any help.

Kate
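
The -nointern / -certfile check asked about above, as an added example that is not part of the original post. It builds a throwaway CA and two certificates (the names alice, mallory, Demo CA and all file names are made up for the demo) and shows that verification with -nointern succeeds only when -certfile holds the actual signer's certificate.

```shell
#!/bin/sh
# Constructed demo material only: a throwaway CA and two user certs in a
# temp dir. All file names and subject names are made up for this example.

mkcert() {  # mkcert NAME: key + certificate for NAME, issued by the demo CA
  openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$1" 2>/dev/null &&
  openssl x509 -req -in "$1.csr" -CA ca.pem -CAkey ca.key \
    -CAcreateserial -days 2 -out "$1.pem" 2>/dev/null
}

setup_demo() {
  DEMO_DIR=$(mktemp -d) && cd "$DEMO_DIR" || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
    -subj "/CN=Demo CA" -days 2 2>/dev/null || return 1
  mkcert alice && mkcert mallory || return 1
  printf 'hello\n' > msg.txt
  # Sign as alice; her certificate is embedded in the signature by default.
  openssl smime -sign -in msg.txt -signer alice.pem -inkey alice.key \
    -out signed.eml 2>/dev/null
}

# verify_pinned CERT: succeed only if signed.eml was signed by CERT.
# -nointern ignores certificates embedded in the message, so the signer
# certificate must be found among the -certfile certificates.
verify_pinned() {
  openssl smime -verify -nointern -certfile "$1" -CAfile ca.pem \
    -in signed.eml -out /dev/null 2>/dev/null
}

# verify_any CERT: the same command without -nointern. The embedded signer
# certificate is used, so CERT does not constrain who signed the message.
verify_any() {
  openssl smime -verify -certfile "$1" -CAfile ca.pem \
    -in signed.eml -out /dev/null 2>/dev/null
}
```

After `setup_demo`, `verify_pinned alice.pem` exits 0 and `verify_pinned mallory.pem` exits non-zero, while `verify_any mallory.pem` still exits 0.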
