问题
I receive smime message with content-type 'Application/EDI'. It is non-standard mime type and content should be interpreted as binary. But OpenSSL during verifying signature treats it as text and changes line breaks from '\n' to '\r\n' (as needed by spec for content-type 'text'). So digest becomes wrong and verification fails.
Is there any way to make openssl not chaging anything in original message? Argument '-binary' doesn't work on any version (I tried 0.9.7, 0.9.8, 1.0.0).
回答1:
Ok, answering my own question.
I've split input data into two separate files with content and signature removing unnecessary metadata. After that I changed mime type of signature to application/pkcs7-mime and verification became successful with this command:
openssl.exe smime -verify -inform SMIME -CAfile caCert.pem -certfile cert.pem -in signature.txt -content content.txt
Variant with changing -inform to PEM also works, but signature must be without Content-xxx headers
来源:https://stackoverflow.com/questions/3975612/openssl-treats-smime-message-with-content-type-application-edi-as-text-and-cha