[dev] S/MIME verification
Cliff Green
green@UMDNJ.EDU
Mon Nov 18 22:34:55 2002
Quoting Jan Schneider <jan@horde.org>:
[munch, munch, munch]
> > Well, see the attached screenscrape for what I *think* indicates the kind
> > of verification you're asking about.
>
> That's what I expected though of course I couldn't expect this for _your_
> message as I don't have your organisations crt.
Well, that's just peachy. I signed that message with a key from Verisign, so
you *should* be able to verify it with an "ordinary" smime-capable MUA. Hmm.
> > On the other hand (now that I've shot myself in the foot in public), I
> > double-checked and found that I can only verify signatures made with
> > certs from our public hierarchy, not from our private hierarchy. The msg
> > I signed and sent you used my cert from our public hierarchy. IIRC, there
> > was a change in the way Crypt/smime.php should handle either a hashed
> > directory or a single cafile, but so far I haven't divined the all-inclusive
> > method either.
>
> It's not smime.php but the called openssl function that _should_ handle both
> directories and ca files. smime.php was only changed to expect a single path
> as well as an array of paths.
Right. And I changed my entry in conf.php to:
$conf['utils']['openssl_cafile'] = \
array('/usr/share/ssl/certs/','file://usr/share/ssl/certs/umd.crt');
and it still doesn't do what we want.
c
--
Cliff Green
Academic Computing Services - UMDNJ
Signature under NDA
More information about the dev
mailing list