Re: [PATCH] PKCS#7 signed data handling in MHonArc

2001-11-14 12:06:36
Cool.  Are you interested in making the modifications to reflect
the filter API changes in MHonArc 2.5?  

 Well yes, but not quite right now, sorry (I worked on MHonArc as part
of another job assignment).

. It appears the PKCS#7 filter requires no patches to the main
  MHonArc code base.  Is this correct?


. Can you supply how one would register the filter into MHonArc
  via the MIMEFILTERS resource?


(you can change file and routine names at will of course)

. Can you list any external dependencies the filter relies on
  (e.g. openssl)?

This is the only one. Any version of openssl above 0.9.5 is OK, and
one does not need a configuration file nor a CA hierarchy (this is
what the -noverify option is for). Openssl refuses to output badly
signed text inside correct PKCS#7, though.

I have not looked into the details of PKCS, but if has to deal
with multipart/related messages (like SMIME), you can look at to see how a filter can access other parts of
a message.  Focus on the resolve_cid() routine.

This what I did for 2.4.9. PKCS#7 is a binary format for signature,
its purpose is similar to SMIME except signatures are not
detachable. The payload (at the encapsulation level just under PKCS#7,
once the signature is removed) consists of a MIME document with many
missing headers. During the tests, I was able to deal with multipart
PKCS#7 payloads very well as I mentioned in the previous post.

If the filter can be updated to be compatible with v2.5, I
can include it into the standard distribution.

As soon as I have a little spare time, I will try this (and a little
page of documentation in plain text).

<< Tout n'y est pas parfait, mais on y honore certainement les jardiniers >>

                        Dominique Quatravaux 

<Prev in Thread] Current Thread [Next in Thread>