oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

option to turn off the KeyUsage check in CMS verify SignedData

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24204 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-12-15 04:32:49 +00:00
parent 5f2da72d8a
commit 26abb7e637
2 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/hx509/cms.c
View File

@@ -852,8 +852,17 @@ hx509_cms_verify_signed(hx509_context context,
ret = find_CMSIdentifier(context, &signer_info->sid, certs, ret = find_CMSIdentifier(context, &signer_info->sid, certs,
_hx509_verify_get_time(ctx), &cert, _hx509_verify_get_time(ctx), &cert,
HX509_QUERY_KU_DIGITALSIGNATURE); HX509_QUERY_KU_DIGITALSIGNATURE);
if (ret) if (ret) {
continue; if ((flags & HX509_CMS_VS_NO_KU_CHECK) == 0)
continue;
ret = find_CMSIdentifier(context, &signer_info->sid, certs,
_hx509_verify_get_time(ctx), &cert,
0);
if (ret)
continue;
}
if (signer_info->signedAttrs) { if (signer_info->signedAttrs) {
const Attribute *attr; const Attribute *attr;

1
lib/hx509/hx509.h
View File

@@ -130,6 +130,7 @@ typedef enum {
/* flags to hx509_cms_verify_signed */ /* flags to hx509_cms_verify_signed */
#define HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH 0x01 #define HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH 0x01
#define HX509_CMS_VS_NO_KU_CHECK 0x02
/* selectors passed to hx509_crypto_select and hx509_crypto_available */ /* selectors passed to hx509_crypto_select and hx509_crypto_available */
#define HX509_SELECT_ALL 0 #define HX509_SELECT_ALL 0