Discussion:
Cannot retrieve embedded signer certificate from CMS message
Rares Dumitrache
2014-10-20 11:25:56 UTC
Hello,

I have a signing certificate with which I sign a message with the openssl
command line. I do NOT use the -nocerts option, so the signing certificate
should be embedded in the CMS message. I verify that it exists by
retrieving it with the command:
openssl cms -verify -in infile.ini -certsout cert_to_test.pem and I
test the certificate and it works.

Now I want to retrieve the certificate in C, using the openssl library. I
read the CMS message file, then I read the SMIME and try to get the
signer. Here is the function called:

pBioFile= BIO_new_file(file, "r");

pCms = SMIME_read_CMS(pBioFile, NULL);

pCms_signer = CMS_get0_SignerInfos(pCms);

sk_CMS_SignerInfo_num(pskCms_signer ) -> return 0 meaning no
certificates were found.


Can anyone help with what I am doing wrong?


Thanks,
Rares
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
Dr. Stephen Henson
2014-10-20 12:30:51 UTC
Post by Rares Dumitrache
> Hello,
> I have a signing certificate with which I sign a message with
> openssl command line. I do NOT use -nocerts option, so the signing
> certificate should be embedded in the CMS message. I verify that it
> openssl cms -verify -in infile.ini -certsout cert_to_test.pem and
> I test the certificate and it works.
> Now I want to retrieve the certificate in C, using openssl library.
> I read the CMS message file, then I read the SMIME and try to get
> pBioFile= BIO_new_file(file, "r");
> pCms = SMIME_read_CMS(pBioFile, NULL);
> pCms_signer = CMS_get0_SignerInfos(pCms);
> sk_CMS_SignerInfo_num(pskCms_signer ) -> return 0 meaning no
> certificates were found.

No, that means no signers were found which is a little strange if you signed
the original message. What command did you use?

If you didn't sign the message and just included the certificate (this is
sometimes done as a way of packaging multiple certificates),
then you just want to retrieve all certificates in the message.

You can use CMS_get1_certs() for that.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org