generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Work around for Netscape PKCS#7 signedData bug.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2000-09-18 12:30:57 +00:00
parent 4b6e6ab91c
commit 730e37edb6
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -4,6 +4,11 @@
Changes between 0.9.5a and 0.9.6 [xx XXX 2000] Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
*) Disable the check for content being present when verifying detached
signatures in pk7_smime.c. Some versions of Netscape (wrongly)
include zero length content when signing messages.
[Steve Henson]
*) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
BIO_ctrl (for BIO pairs). BIO_ctrl (for BIO pairs).

5
crypto/pkcs7/pk7_smime.c
View File

@ -172,12 +172,17 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
return 0; return 0;
} }
#if 0
/* NB: this test commented out because some versions of Netscape
* illegally include zero length content when signing data.
*/
/* Check for data and content: two sets of data */ /* Check for data and content: two sets of data */
if(!PKCS7_get_detached(p7) && indata) { if(!PKCS7_get_detached(p7) && indata) {
PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
return 0; return 0;
} }
#endif
sinfos = PKCS7_get_signer_info(p7); sinfos = PKCS7_get_signer_info(p7);