Fix from stable branch.

This commit is contained in:
Dr. Stephen Henson 2009-03-15 13:37:34 +00:00
parent 854a225a27
commit 237d7b6cae
4 changed files with 20 additions and 5 deletions

View File

@ -748,6 +748,11 @@
Changes between 0.9.8j and 0.9.8k [xx XXX xxxx] Changes between 0.9.8j and 0.9.8k [xx XXX xxxx]
*) Set S/MIME signing as the default purpose rather than setting it
unconditionally. This allows applications to override it at the store
level.
[Steve Henson]
*) Permit restricted recursion of ASN1 strings. This is needed in practice *) Permit restricted recursion of ASN1 strings. This is needed in practice
to handle some structures. to handle some structures.
[Steve Henson] [Steve Henson]

View File

@ -292,7 +292,7 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
CMS_R_STORE_INIT_ERROR); CMS_R_STORE_INIT_ERROR);
goto err; goto err;
} }
X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN); X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
if (crls) if (crls)
X509_STORE_CTX_set0_crls(&ctx, crls); X509_STORE_CTX_set0_crls(&ctx, crls);

View File

@ -327,8 +327,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
sk_X509_free(signers); sk_X509_free(signers);
return 0; return 0;
} }
X509_STORE_CTX_set_purpose(&cert_ctx, X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
X509_PURPOSE_SMIME_SIGN);
} else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
sk_X509_free(signers); sk_X509_free(signers);

View File

@ -74,7 +74,8 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
param->name = NULL; param->name = NULL;
param->purpose = 0; param->purpose = 0;
param->trust = 0; param->trust = 0;
param->inh_flags = X509_VP_FLAG_DEFAULT; /*param->inh_flags = X509_VP_FLAG_DEFAULT;*/
param->inh_flags = 0;
param->flags = 0; param->flags = 0;
param->depth = -1; param->depth = -1;
if (param->policies) if (param->policies)
@ -324,7 +325,17 @@ static const X509_VERIFY_PARAM default_table[] = {
NULL /* policies */ NULL /* policies */
}, },
{ {
"pkcs7", /* SSL/TLS client parameters */ "pkcs7", /* S/MIME sign parameters */
0, /* Check time */
0, /* internal flags */
0, /* flags */
X509_PURPOSE_SMIME_SIGN, /* purpose */
X509_TRUST_EMAIL, /* trust */
-1, /* depth */
NULL /* policies */
},
{
"smime_sign", /* S/MIME sign parameters */
0, /* Check time */ 0, /* Check time */
0, /* internal flags */ 0, /* internal flags */
0, /* flags */ 0, /* flags */