oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Use version 0 for issuer name serial number and version 2 for ski

Browse Source 
Pointed by subject Michael Wood <esiotrot@gmail.com> on samba-technical
This commit is contained in:
Love Hornquist Astrand
2010-10-07 00:22:09 -07:00
parent ef543041fc
commit 667ec8eb81
1 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/hx509/cms.c
View File

@@ -532,6 +532,7 @@ out:
* @param flags flags to control the behavior. * @param flags flags to control the behavior.
* - HX509_CMS_EV_NO_KU_CHECK - Dont check KU on certificate * - HX509_CMS_EV_NO_KU_CHECK - Dont check KU on certificate
* - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo * - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo
* - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number
* @param cert Certificate to encrypt the EnvelopedData encryption key * @param cert Certificate to encrypt the EnvelopedData encryption key
* with. * with.
* @param data pointer the data to encrypt. * @param data pointer the data to encrypt.
@@ -559,9 +560,9 @@ hx509_cms_envelope_1(hx509_context context,
heim_octet_string ivec; heim_octet_string ivec;
heim_octet_string key; heim_octet_string key;
hx509_crypto crypto = NULL; hx509_crypto crypto = NULL;
int ret, cmsidflag;
EnvelopedData ed; EnvelopedData ed;
size_t size; size_t size;
int ret;
memset(&ivec, 0, sizeof(ivec)); memset(&ivec, 0, sizeof(ivec));
memset(&key, 0, sizeof(key)); memset(&key, 0, sizeof(key));
@@ -648,8 +649,15 @@ hx509_cms_envelope_1(hx509_context context,
ri = &ed.recipientInfos.val[0]; ri = &ed.recipientInfos.val[0];
ri->version = 0; if (flags & HX509_CMS_EV_ID_NAME) {
ret = fill_CMSIdentifier(cert, CMS_ID_SKI, &ri->rid); ri->version = 0;
cmsidflag = CMS_ID_NAME;
} else {
ri->version = 2;
cmsidflag = CMS_ID_SKI;
}
ret = fill_CMSIdentifier(cert, cmsidflag, &ri->rid);
if (ret) { if (ret) {
hx509_set_error_string(context, 0, ret, hx509_set_error_string(context, 0, ret,
"Failed to set CMS identifier info " "Failed to set CMS identifier info "