[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-users
Subject: Re: [openssl-users] PKCS7->signerInfo->encryptedDigest not type X509_SIG
From: Michael Heide <michael.heide () student ! uni-siegen ! de>
Date: 2015-09-20 8:51:26
Message-ID: 20150920105126.7f6e701f () tbb-phenom
[Download RAW message or body]
Am Sat, 19 Sep 2015 23:09:16 +0200 schrieb Jakob Bohm <jb-openssl@wisemo.com>:
> 1. The error should not call this "plain", this would lead
> to the same misunderstanding I had earlier.
Right. I'm not an advanced english speaker, I shouldn't name it at all. ;-)
Btw. In the meantime I think my last suggestion for a patch is poor. Still handling \
this kind of signatures as an error would fail/stop the whole verification process \
and if this happens with some intermediate certificate, then the application cannot \
turn this into a successful verification (AFAIK).
I haven't found a way to make it configurable, yet. That is to not change OpenSSLs \
default behaviour but have an option to let it accept those kind of signatures.
> 3. It would be really nice if someone in the know would
> explain under which conditions this alternative signature
> algorithm is used and/or necessary.
Yes.
I've found only a single time stamping service so far.
Regards
Michael
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic