[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    Re: [openssl-users] PKCS7->signerInfo->encryptedDigest not type X509_SIG
From:       Michael Heide <michael.heide () student ! uni-siegen ! de>
Date:       2015-09-20 8:51:26
Message-ID: 20150920105126.7f6e701f () tbb-phenom
[Download RAW message or body]

Am Sat, 19 Sep 2015 23:09:16 +0200 schrieb Jakob Bohm <jb-openssl@wisemo.com>:

> 1. The error should not call this "plain", this would lead
> to the same misunderstanding I had earlier.

Right. I'm not an advanced english speaker, I shouldn't name it at all. ;-)

Btw. In the meantime I think my last suggestion for a patch is poor. Still handling \
this kind of signatures as an error would fail/stop the whole verification process \
and if this happens with some intermediate certificate, then the application cannot \
turn this into a successful verification (AFAIK). 

I haven't found a way to make it configurable, yet. That is to not change OpenSSLs \
default behaviour but have an option to let it accept those kind of signatures.

> 3. It would be really nice if someone in the know would
> explain under which conditions this alternative signature
> algorithm is used and/or necessary.

Yes.
I've found only a single time stamping service so far. 

Regards
Michael
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


[prev in list] [next in list] [prev in thread] [next in thread]