[guest - Tue Jul 11 09:13:28 2006]:

> testmail2.signed-original.eml is one example that doesn't validate


The qcStatements extension in the certificate is

2714:d=8 hl=2 l= 39 cons: SEQUENCE
2716:d=9 hl=2 l= 8 prim: OBJECT :qcStatements
2726:d=9 hl=2 l= 1 prim: BOOLEAN :255
2729:d=9 hl=2 l= 24 prim: OCTET STRING [HEX
DUMP]:3016300A06082B06010505070B013008060604008E460101

However the qcStatements definition per rfc 3039 is

QCStatements ::= SEQUENCE OF QCStatement

QCStatement ::= SEQUENCE {
statementId OBJECT IDENTIFIER,
statementInfo ANY DEFINED BY statementId OPTIONAL}

So it seems to me the certificate is encoded incorrectly.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org