Work around for Netscape PKCS#7 signedData bug.

2000-09-18 12:30:57 +00:00 · 2000-09-18 12:30:57 +00:00 · 730e37edb6
commit 730e37edb6
parent 4b6e6ab91c
2 changed files with 10 additions and 0 deletions
--- a/5
+++ b/5
@ -4,6 +4,11 @@

 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]

+  *) Disable the check for content being present when verifying detached
+     signatures in pk7_smime.c. Some versions of Netscape (wrongly)
+     include zero length content when signing messages.
+     [Steve Henson]
+
  *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
     BIO_ctrl (for BIO pairs).

--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@ -172,12 +172,17 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
 		return 0;
 	}
+#if 0
+	/* NB: this test commented out because some versions of Netscape
+	 * illegally include zero length content when signing data.
+	 */

 	/* Check for data and content: two sets of data */
 	if(!PKCS7_get_detached(p7) && indata) {
 				PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
 		return 0;
 	}
+#endif

 	sinfos = PKCS7_get_signer_info(p7);