On Thu, Aug 18, 2005, Peter BENKO,VSE IT Sluzby,+421-55-610-2045,+421-903-855532 wrote:
> Hi > > I have the certificate with following purpose: > openssl x509 -purpose -noout -in crt.pem > Certificate purposes: > SSL client : Yes > SSL client CA : No > SSL server : No > SSL server CA : No > Netscape SSL server : No > Netscape SSL server CA : No > S/MIME signing : Yes > S/MIME signing CA : No > S/MIME encryption : No > S/MIME encryption CA : No > CRL signing : No > CRL signing CA : No > Any Purpose : Yes > Any Purpose CA : Yes > OCSP helper : Yes > OCSP helper CA : No > > ... ie certificate for SMIME signing. > > But... > openssl smime -encrypt -in msg.txt -out msg.txt.p7m -text crt.pem > works well > > How it is possible that I'm able to encrypt with this certificate? > OpenSSL doesn't currently enforce certificate ussages when it encrypts, decrypts or signs S/MIME data. It does give a verification error if an inappropriate usage is present when it verifies an S/MIME message though. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
