openssl - PHP openssl_pkcs7_verify returns true on invalid certificate -
i'm trying verify s/mime message signature using openssl_pkcs7_verify().
with 'transport testing tool' http://transport-testing.nist.gov/ttt/ i'm sending sample s/mime messages address , after succesfull decoding, try verify it's signature.
when certificate correct, success, success when certificate invalid.
how can verify correctly php or openssl command?
<?php # cert $bres = openssl_pkcs7_verify('decoded_1.txt', 0, 0, array('nist.gov.pem', 'sampleca.nist.gov.pem')); $berr = openssl_error_string(); var_dump($bres, $berr); # returns true, false # invalid cert $bres = openssl_pkcs7_verify('decoded_2.txt', 0, 0, array('nist.gov.pem', 'sampleca.nist.gov.pem')); $berr = openssl_error_string(); var_dump($bres, $berr); # returns true, false notice ccda_inpatient.xml in thers files same, smime.p7s differs.
Comments
Post a Comment