On Thu, 14 Apr 2011, Nigel Horne wrote:
> I haven't tried this with 2.3.2, only 2.3.1 so this may be wrong.
> The documentation for dkim_set_final
> (http://www.opendkim.org/libopendkim/dkim_set_final.html) seems to me to
> differ from the implementation in the definition of the first argument.
> [...]
The documentation has it wrong. It's fixed for the next release.
> Furthermore, the documentation says that DKIM *dkim must come from
> dkim_verify, yet in http://www.opendkim.org/libopendkim/index.html it's
> listed in the Administration section, not the Verifying section. Could
> dkim not come from dkim_sign?
It's listed as an administration function because it's not something you
would normally do in a per-message context. Rather, it's more like a
library parameter setting function.
The final callback, if set, is only invoked during the EOM phase of
message verification. It is not invoked when signing. The same goes for
the prescreen function.
Signing differs from verifying in that signing doesn't need access to
local resources like private DNS resolvers, nor does signing handle more
than one signature at a time; moreover, verifying has to be able to return
a single value even in the case of multiple signatures, so the logic to
distill the multiple results needs to be accessible to some applications.
So these hooks aren't needed for signing, which is a much simpler
operation overall.
-MSK
Received on Thu Apr 14 2011 - 22:17:42 PST
This archive was generated by hypermail 2.2.0+W3C-0.50 : Sun May 15 2011 - 15:58:22 PST