Gisela Acosta wrote:
>
> Hi,
> I've signed my message with a netscape certificate. When I try to verify it, the
> following error occurs:
> 26: unsupported certificate purpose
> I set the ctx structure with X509_PURPOSE_SMIME_SIGN, like it's in verify.c.
> I tried setting the structure whith X509_PURPOSE_ANY, and it seems to work fine,
> but I don't know if it's correct to do this.
>
> If I use crypto/pkcs7/server.pem I don't have that problem ... but I need to use
> the other certificate! :-)
>
> Has anybody any idea what is happening?
>
Its rejecting your certificate because it doesn't like something about
it, such as it isn't certified for email or one of the CA certificates
is invalid
Without seeing the certificate chain its rejecting I can't be more
specific. Could you post a signed message example that does this?
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
