Hey, the PKCS7_verify returns an error, but this error comes from the callback function used with the certificateStore. I'm getting the following error:

certificate signature failure
error:21075075:lib(33):func(117):reason(117)

//X509_STORE setup.
int verify_callback(int ok, X509_STORE_CTX *stor)
{
    // user-friendly error handling => X509_verify_cert_error_string(stor->error)
    if (!ok)
        cout << X509_verify_cert_error_string(stor->error) << endl;
    //throw CCToolsException(QObject::tr("Error with certificate store !").toLatin1(), SC_ERROR_UNKNOWN );
    return ok;
}

This is the code I use to generate the S/MIME.

std::string createPKCS7(const ByteArray hash)
{
    PKCS7 *pkcs7 = NULL;
    BIO *in = NULL;
    BIO *out = NULL;
    BUF_MEM *bptr = NULL;

    OpenSSL_add_all_algorithms();

    // copy the hash bytes into a local buffer
    unsigned char input[hash.size()];
    for (int i = 0; i < hash.size(); i++)
    {
        input[i] = hash[i];
    }

    // BIO_puts treats input as a NUL-terminated C string
    if (!(in = BIO_new(BIO_s_mem())) ||
        !(BIO_puts(in, (const char *) input)) ||
        !(out = BIO_new(BIO_s_mem())))
    {
        cout << "Error creating BIO objects" << endl;
    }

    if (!(pkcs7 = PKCS7_sign(cert, pkey, NULL, in, PKCS7_BINARY)))
    {
        cout << "Error making the PKCS#7 object" << endl;
    }

    if (SMIME_write_PKCS7(out, pkcs7, in, PKCS7_BINARY) != 1)
    {
        cout << ("Error writing the S/MIME data") << endl;
    }

    BIO_get_mem_ptr(out, &bptr);
    BIO_set_close(out, BIO_NOCLOSE); // So BIO_free() leaves BUF_MEM alone
    KILL_BIO(in);
    KILL_BIO(out);

    return std::string(bptr->data, bptr->length);
}

The S/MIME is stored like this in the ini file:

LicenseKey="MIME-Version: 1.0\nContent-Disposition: attachment; filename=\"smime.p7m\"\nContent-Type: application/x-pkcs7-mime; smime-type=signed-data; name=\"smime.p7m\"\nContent-Transfer-Encoding: base64\n\n[base64-encoded PKCS#7 body removed]\n\n"

This is actually on 1 line, QSettings added the line-end characters itself. When I copied the content to a separate file I didn't have any problems verifying the S/MIME in the command line with openssl. So I don't have a clue what I'm doing wrong.

On 17 Jun 2010, at 17:41, Dr. Stephen Henson wrote:

> On Thu, Jun 17, 2010, Niels Stevens wrote:
>
>> Hey, I want to verify an S/MIME I stored in an INI file. I access this ini
>> file using QSettings, reading the PKCS7 isn't a problem. I checked the smime
>> with dumpasn1 and there were no problems. I tested the verify code using
>> boost libraries and generated an S/MIME with the same certificate I used for
>> the S/MIME stored in the ini file and then the S/MIME is verified.
>>
>> Why can't I verify a stored S/MIME ?
>>
>> This is the code I use :
>>
>> //***************** Check if signing is verified ****************
>> std::string
>> license_key(iniFile.value("license/LicenseKey").toString().toAscii());
>>
>> if (!(rootStore = create_store()))
>> {
>>     KILL_STORE(rootStore);
>>     return false;
>> }
>>
>> if (!(in = BIO_new(BIO_s_mem())) ||
>>     !(BIO_puts(in, license_key.c_str())))
>> {
>>     KILL_BIO(in);
>>     KILL_STORE(rootStore);
>>     return false;
>> }
>>
>> // used to make the mem BIO react like a file BIO
>> BIO_set_mem_eof_return(in, 0);
>>
>> if (!(pkcs7 = SMIME_read_PKCS7(in, &pkcs7_bio)))
>> {
>>     KILL_BIO(in);
>>     KILL_BIO(pkcs7_bio);
>>     KILL_STORE(rootStore);
>>     return false;
>> }
>>
>> BIO *content_bio = BIO_new(BIO_s_mem());
>> cout << "validate allmowts everything" << endl;
>>
>> if (PKCS7_verify(pkcs7, NULL, rootStore, pkcs7_bio,
>>                  content_bio, 0) != 1)
>> {
>> }
>>
>
> That doesn't help much. Which part is returning the error? What format is the
> S/MIME message in your .ini file? It is unlikely to be S/MIME format and could
> be base64 encoded instead.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
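
An added example, not code from this thread or from OpenSSL: a pre-check for the format question raised above, classifying the LicenseKey string before it is handed to SMIME_read_PKCS7. The names Stored, unescapeIni, isBase64, isSMime and classify are hypothetical, and the escape handling is an assumption covering only the sequences visible in the posted value (\n, \r, \" and \\).

```cpp
#include <algorithm>
#include <cctype>
#include <string>

enum class Stored { SMime, SMimeEscaped, BareBase64, Unknown };

// Undo the escapes visible in the stored LicenseKey value: \n, \r, \" and \\.
std::string unescapeIni(const std::string& s) {
    std::string out;
    for (std::size_t i = 0; i < s.size(); ++i) {
        if (s[i] != '\\' || i + 1 == s.size()) { out += s[i]; continue; }
        char c = s[++i];
        if (c == 'n') out += '\n';
        else if (c == 'r') out += '\r';
        else if (c == '"' || c == '\\') out += c;
        else { out += '\\'; out += c; }  // unknown escape: keep as written
    }
    return out;
}

// True when s holds only base64 characters and line breaks, and is not empty.
bool isBase64(const std::string& s) {
    std::size_t payload = 0;
    for (unsigned char c : s) {
        if (c == '\n' || c == '\r') continue;
        if (!std::isalnum(c) && c != '+' && c != '/' && c != '=') return false;
        ++payload;
    }
    return payload > 0;
}

// Real line breaks, a pkcs7-mime header block, a blank line, then base64.
bool isSMime(std::string s) {
    s.erase(std::remove(s.begin(), s.end(), '\r'), s.end());
    std::size_t blank = s.find("\n\n");
    if (blank == std::string::npos) return false;
    std::string head = s.substr(0, blank);
    std::transform(head.begin(), head.end(), head.begin(),
                   [](unsigned char c) { return std::tolower(c); });
    return head.find("content-type:") != std::string::npos &&
           head.find("pkcs7-mime") != std::string::npos &&
           isBase64(s.substr(blank + 2));
}

Stored classify(const std::string& value) {
    if (isSMime(value)) return Stored::SMime;
    if (isSMime(unescapeIni(value))) return Stored::SMimeEscaped;
    if (isBase64(value)) return Stored::BareBase64;
    return Stored::Unknown;
}
```

SMimeEscaped means the backslash sequences were never turned into line breaks, so a MIME parser would see a single line. BareBase64 means there are no MIME headers at all, so the value needs a base64 decode and a DER PKCS#7 parse rather than the S/MIME reader.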