[PYTHON-CRYPTO] PKCS7 verification with CA hierarchy

Heikki Toivonen heikki at OSAFOUNDATION.ORG
Mon Dec 3 19:39:01 CET 2007

Sébastien Merle wrote:
> If the signer has been issued by another sub CA
> or if the signer has been issued directly by
> the root CA, I want the verification to fail,
> even if the pkc7 contains its own certification chain.

Hmm, I am not completely sure I understood what you want.

> How could I do this in python ? Is it even possible ?

Can you do it using C and OpenSSL? If the answer is yes, then there is a
very high likelyhood you can do it with M2Crypto. The only problem I
could see (beyond bugs of course) is that some OpenSSL API you'd need
has not yet been wrapped. If that turns out to be the case I'd be happy
to wrap the needed API(s) and include them in the next release.

  Heikki Toivonen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/python-crypto/attachments/20071203/e4b8e84d/attachment.pgp>

More information about the python-crypto mailing list