[dev] S/MIME verification

Cliff Green green@UMDNJ.EDU
Mon Nov 18 20:29:50 2002


Quoting Jan Schneider <jan@horde.org>:

> Quoting Cliff Green <green@UMDNJ.EDU>:
> 
> > Quoting Jan Schneider <jan@horde.org>:
> >
> > > I just looked back at the archives but couldn't find any useful hint.
> > > Did anyone ever succeed in verifying an s/mime signed message?
> >
> > Yes.
> >
> > > Verification of the message itself does actually work, but the sender's cert
> > > can never be verified.
> > >
> > > I tried to put my openssl distribution's certs directory as well as
> > > mod_ssl's ca-bundle.crt file into $conf['utils']['openssl_cafile'].
> >
> > I currently only have:
> >  $conf['utils']['openssl_cafile'] = '/usr/share/ssl/certs/';  (though usually I
> > install ssl in /usr/local/ssl and therefore the certs in /usr/local/ssl/certs -
> > YMMV).
> >
> > I've stored all of the certs I care to check against in pem format, and
> > have hashed the files in that directory with c_hash (if you have c_rehash,
> > it'll do the whole directory for you).
> 
> That's what I have, besides that my certs (pem and hashed) are in
> /etc/ssl/certs/. It still doesn't work. Can you verify the cert of your own
> message? I couldn't.

Well, see the attached screenscrape for what I *think* indicates the kind of
verification you're asking about.

On the other hand (now that I've shot myself in the foot in public), I
double-checked and found that I can only verify signatures made with certs from
our public hierarchy, not from our private hierarchy.  The msg I signed and sent
you used my cert from our public hierarchy.  IIRC, there was a change in the way
Crypt/smime.php should handle either a hashed directory or a single cafile, but
so far I haven't divined the all-inclusive method either.

More, if I find it...

c
-- 
Cliff Green
Academic Computing Services - UMDNJ
Signature under NDA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signed_msg.jpg
Type: image/jpeg
Size: 66999 bytes
Desc: not available
Url : http://lists.horde.org/archives/dev/attachments/20021118/349a7cd1/signed_msg.jpe
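
The distinction this thread turns on, a single CA file versus a hashed certificate directory, as an added example that is not part of the original message or of Horde's code. It uses the openssl command line with a constructed throwaway CA and signer (all names are assumptions), and creates the subject-hash link by hand the way c_rehash would.

```shell
#!/bin/sh
# Added example: every key, certificate and message below is constructed in a temp dir.

# Verify signed.eml with the given trust option; print "ok" or "fail".
check() {
    if openssl smime -verify -in signed.eml "$@" -out /dev/null 2>/dev/null
    then echo ok; else echo fail; fi
}

smime_trust_demo() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        # Throwaway private CA and a signer certificate issued by it.
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Private CA" \
            -keyout ca.key -out ca.pem 2>/dev/null || exit 1
        openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Signer" \
            -keyout signer.key -out signer.csr 2>/dev/null || exit 1
        openssl x509 -req -in signer.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
            -days 2 -out signer.pem 2>/dev/null || exit 1

        printf 'constructed test message\n' > msg.txt
        openssl smime -sign -in msg.txt -signer signer.pem -inkey signer.key \
            -out signed.eml 2>/dev/null || exit 1

        # Same PEM file in two directories; only one gets the subject-hash link.
        mkdir plain hashed
        cp ca.pem plain/ca.pem
        cp ca.pem hashed/ca.pem
        hash=$(openssl x509 -noout -hash -in ca.pem) || exit 1
        ln -s ca.pem "hashed/$hash.0"   # the link c_rehash creates for each cert

        # Signature is identical in all three runs; only the trust store differs.
        echo "cafile=$(check -CAfile ca.pem) plain_dir=$(check -CApath plain) hashed_dir=$(check -CApath hashed)"
    )
    status=$?
    rm -rf "$work"
    return $status
}

smime_trust_demo
```

A directory of PEM files without the hash links fails the signer-chain check even though the CA certificate is sitting in it, which is the same symptom as a CA that is simply missing from the store.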

