The PKCS7_BINARY flags don't work on verify...only sign and encrypt. I wrote a function to do the conversion...but it takes more time to read a file twice... :( Any other ideas?
Thanks for your help! Victor > When I use the function: > > PKCS7_verify(pkcs7, chain, store, pkcs7BIO, outBIO); It has an extra 'flags' argument. > I get ^M in my output file (using unix). Is there a reason for this? > If so is there perhaps a flag to disable it? Try PKCS7_BINARY as 'flags'. Some standards require the MIME headers line endings (and only those) to be "canonicalized" to \r\n (carriage return and linefeed) before checking (or creating when sending) the signature. In practice the MIME headers are mostly already in the preferred format for both sender and receiver, and PKCS7_BINARY is then the best solution. But of course you do get a _different_ signature when using PKCS7_BINARY on "non-canonicalized" MIME headers. So if the sender used \r\n as MIME header line endings, you have to verify the signature using those first and then change them later if they bother you. -- Marco Roeland ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
