[Antti.Tapio@elma.net - Thu Dec 29 12:48:32 2005]:

> Hi,
>
> Attached is a patch that enables binary "encoded" S/MIME signatures and
> encryption in OpenSSL smime-module. Messages can be signed and
> encrypted in binary form using the new "-transenc binary" command line
> option.
>
> This patch includes the "openssl smime -verify on binary files"
> patch submitted by Robert Reitenbach.
> http://www.aet.tu-cottbus.de/rt2/Tic...ay.html?id=828
>
> In addition to the changes in the older patch, the following
> modifications have been made:
>
> apps/smime.c
> Added handling for the transenc parameter.
>
> crypto/pkcs7/pk7_mime.c
> New functions BINARY_write_PKCS7 and BINARY_read_PKCS7.
>
> crypto/pkcs7/pkcs7.h
> New flag PKCS7_TRANSFER_ENCODING_BINARY.
> New function codes PKCS7_F_BINARY_READ_PKCS7 and
> PKCS7_F_BINARY_WRITE_PKCS.
>
> crypto/pkcs7/pkcs7err.c
> Added proper error messages for unsupported content transfer
> encodings.
>
> doc/apps/smime.pod
> Added documentation for the transenc parameter.
>
> Please note that if a Content-Transfer-Encoding header is not present,
> the content is handled as base64. This is against the RFC but consistent
> with the functionality of older versions of OpenSSL.
>
> Please consider applying this patch to some upcoming version of OpenSSL.
> Although there are still limitations in handling more complex MIME
> messages, support for simple binary S/MIME messages would be nice to
> have in OpenSSL.
>


Adding the extra parameter to SMIME_read_PKCS7() is problematical in
terms of compatibility with older versions of OpenSSL. Though a new
function with the extra flag wouldn't be a problem and them
SMIME_read_PKCS7() would just call the new function with the 'flags'
parameter set to zero.

Is there some reason why SMIME_read_PKCS7 can't automatically work out
what to do based on the MIME headers?

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org