mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
Fix from stable branch.
This commit is contained in:
parent
854a225a27
commit
237d7b6cae
5
CHANGES
5
CHANGES
@ -748,6 +748,11 @@
|
|||||||
|
|
||||||
Changes between 0.9.8j and 0.9.8k [xx XXX xxxx]
|
Changes between 0.9.8j and 0.9.8k [xx XXX xxxx]
|
||||||
|
|
||||||
|
*) Set S/MIME signing as the default purpose rather than setting it
|
||||||
|
unconditionally. This allows applications to override it at the store
|
||||||
|
level.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
*) Permit restricted recursion of ASN1 strings. This is needed in practice
|
*) Permit restricted recursion of ASN1 strings. This is needed in practice
|
||||||
to handle some structures.
|
to handle some structures.
|
||||||
[Steve Henson]
|
[Steve Henson]
|
||||||
|
@ -292,7 +292,7 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
|
|||||||
CMS_R_STORE_INIT_ERROR);
|
CMS_R_STORE_INIT_ERROR);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN);
|
X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
|
||||||
if (crls)
|
if (crls)
|
||||||
X509_STORE_CTX_set0_crls(&ctx, crls);
|
X509_STORE_CTX_set0_crls(&ctx, crls);
|
||||||
|
|
||||||
|
@ -327,8 +327,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
|
|||||||
sk_X509_free(signers);
|
sk_X509_free(signers);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
X509_STORE_CTX_set_purpose(&cert_ctx,
|
X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
|
||||||
X509_PURPOSE_SMIME_SIGN);
|
|
||||||
} else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
|
} else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
|
||||||
PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
|
PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
|
||||||
sk_X509_free(signers);
|
sk_X509_free(signers);
|
||||||
|
@ -74,7 +74,8 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
|
|||||||
param->name = NULL;
|
param->name = NULL;
|
||||||
param->purpose = 0;
|
param->purpose = 0;
|
||||||
param->trust = 0;
|
param->trust = 0;
|
||||||
param->inh_flags = X509_VP_FLAG_DEFAULT;
|
/*param->inh_flags = X509_VP_FLAG_DEFAULT;*/
|
||||||
|
param->inh_flags = 0;
|
||||||
param->flags = 0;
|
param->flags = 0;
|
||||||
param->depth = -1;
|
param->depth = -1;
|
||||||
if (param->policies)
|
if (param->policies)
|
||||||
@ -324,7 +325,17 @@ static const X509_VERIFY_PARAM default_table[] = {
|
|||||||
NULL /* policies */
|
NULL /* policies */
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"pkcs7", /* SSL/TLS client parameters */
|
"pkcs7", /* S/MIME sign parameters */
|
||||||
|
0, /* Check time */
|
||||||
|
0, /* internal flags */
|
||||||
|
0, /* flags */
|
||||||
|
X509_PURPOSE_SMIME_SIGN, /* purpose */
|
||||||
|
X509_TRUST_EMAIL, /* trust */
|
||||||
|
-1, /* depth */
|
||||||
|
NULL /* policies */
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"smime_sign", /* S/MIME sign parameters */
|
||||||
0, /* Check time */
|
0, /* Check time */
|
||||||
0, /* internal flags */
|
0, /* internal flags */
|
||||||
0, /* flags */
|
0, /* flags */
|
||||||
|
Loading…
Reference in New Issue
Block a user