On Thu, Apr 14, 2005, Glenn Bullock wrote: > Dr. Henson, > > Thank you for your response and suggestion. I know the 1st email I sent was > a bit too long, but buried in the code I included in the first post was the > PKCS7_verify() call (shortened code is attached). I think the problem I may > be having lies in the fact that I'm not getting a certificate from the other > product's interface, but only a public key. As you know, PKCS7_verify > requires a STACKOF certs and a cert store setup. I think I was able to set > up the stack and cert store correctly, but am concerned my approach to > setting up the cert itself is incorrect. > > To be brief, when I've used the function: X509_set_pubkey(X509*, EVP_PKEY*) > in creating a new certificate, it has been to assign public key compliment > public key of the argument EVP_PKEY private key to the certificate. Is > there a way to assign a public key to a certificate as is, or does the > X509_set_pubkey know the difference between a public and private key. >
If you don't have the correct certificate there is little point in trying to make one yourself: it wont work for various reasons. PKCS7_verify() can extract certificates included in the message itself. If you use the 'smime' utility and give some details of the error message you get that will help. Better still post (or send me privately) a copy of the PKCS#7 message you are trying to verify. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
