[openssl.org #1167] allow to use -nocerts in "smime -decrypt" or look for private key anyway if no matching cert found
Some knowledgeable hints for implementing this I just got:
> > > There isn't a command line option to do this, it would require
> > > some modification of the OpenSSL S/MIME code.
> > >
> > > Typically an S/MIME message will have several several
> > > RecipientInfo structures even if there is only one recipient (many
> > > S/MIME clients make sure the sender is also included in
> > > RecipientInfo) and the order is arbitrary. This
> > > makes it a hit and miss process.
> Well this is strictly a "hack" solution...
> In crypto/pkcs7/pk7_smime.c you need to disable the
> call in PKCS7_decrypt() by commenting it out.
> Then in pk7_doit.c in the function PKCS7_dataDecode there is a section
> where it matches a certificate to a RecipientInfo. You need to either
> set that to use a specific RecipientInfo or have it loop round
> checking if EVP_PKEY_decrypt() works (as happens lower down).
> You may also have to modify the 'smime' utility to no longer expect a