Working with 0.9.8j, I have cobbled together a function that verifies a signed S/MIME message and checks the signing cert against a CRL. Essentially, I've stripped apps/smime.c and apps/crl.c of all their command-line stuff and anything else I don't need.
I've noticed that the CRL validation fails if I don't set the check_time value appropriately. But, among all the various X509_STORE_set_foo() functions there is no X509_STORE_set_time(). I have implemented it as:

    void X509_STORE_set_time(X509_STORE *ctx, time_t time)
    {
        X509_VERIFY_PARAM_set_time(ctx->param, time);
    }

The fragment that calls this looks like:

    X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK);
    X509_STORE_set_time(store, time(NULL));

    if (PKCS7_verify(p7, other, store, indata, out, flags))
        BIO_printf(bio_err, "Verification successful\n");
    else {
        BIO_printf(bio_err, "Verification failure\n");
        goto end;
    }

Is there a better way to do this that would feel less like crawling through a side window? I'd like to use the front door, if I can find it. :-)

Thanks!

Paul Allen
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org