diff --git a/lib/hx509/Makefile.am b/lib/hx509/Makefile.am
index 8c9ef5df5..f9666016d 100644
--- a/lib/hx509/Makefile.am
+++ b/lib/hx509/Makefile.am
@@ -4,7 +4,7 @@ include $(top_srcdir)/Makefile.am.common
 lib_LTLIBRARIES = libhx509.la
 noinst_LTLIBRARIES = libnhx509.la
-libhx509_la_LDFLAGS = -version-info 4:0:0
+libhx509_la_LDFLAGS = -version-info 5:0:0
 BUILT_SOURCES = \
 sel-gram.h \
diff --git a/lib/hx509/cms.c b/lib/hx509/cms.c
index 9ba0d423f..51756cc77 100644
--- a/lib/hx509/cms.c
+++ b/lib/hx509/cms.c
@@ -738,12 +738,13 @@ find_attribute(const CMSAttributes *attr, const heim_oid *oid)
 * Decode SignedData and verify that the signature is correct.
 *
 * @param context A hx509 context.
- * @param ctx a hx509 version context
- * @param data pointer to CMS SignedData encoded data
+ * @param ctx a hx509 verify context.
+ * @param flags to control the behaivor of the function.
+ * @param data pointer to CMS SignedData encoded data.
 * @param length length of the data that data point to.
- * @param signedContent external data used for signature
+ * @param signedContent external data used for signature.
 * @param pool certificate pool to build certificates paths.
- * @param contentType free with der_free_oid()
+ * @param contentType free with der_free_oid().
 * @param content the output of the function, free with
 * der_free_octet_string().
 * @param signer_certs list of the cerficates used to sign this
@@ -755,6 +756,7 @@ find_attribute(const CMSAttributes *attr, const heim_oid *oid)
 int
 hx509_cms_verify_signed(hx509_context context,
 hx509_verify_ctx ctx,
+ unsigned int flags,
 const void *data,
 size_t length,
 const heim_octet_string *signedContent,
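Review bot: The new `@param flags` line in the doc comment of hx509_cms_verify_signed (cms.c, first hunk) is misspelled (`behaivor`) and does not say which bits are defined or that 0 keeps the strict checks. The one flag this diff uses, HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH, relaxes a verification step, so I would spell it out: ` * @param flags 0 for strict checking; HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH accepts a message whose eContentType differs from the expected OID.` The comment block continues past the end of this hunk.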
@@ -949,7 +951,8 @@ hx509_cms_verify_signed(hx509_context context,
 match_oid = oid_id_pkcs7_data();
 }
- if (der_heim_oid_cmp(match_oid, &sd.encapContentInfo.eContentType)) {
+ if (der_heim_oid_cmp(match_oid, &sd.encapContentInfo.eContentType) &&
+ (flags & HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH) == 0) {
 ret = HX509_CMS_DATA_OID_MISMATCH;
 hx509_set_error_string(context, 0, ret,
 "Oid in message mismatch from the expected");
diff --git a/lib/hx509/version-script.map b/lib/hx509/version-script.map
index 6953b817a..567cd047b 100644
--- a/lib/hx509/version-script.map
+++ b/lib/hx509/version-script.map
@@ -1,6 +1,6 @@
 # $Id$
-HEIMDAL_X509_1.1 {
+HEIMDAL_X509_1.2 {
 global:
 initialize_hx_error_table_r;
 hx509_bitstring_print;
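Review bot: In the cms.c hunk at the der_heim_oid_cmp() check, setting HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH lets a content-type mismatch pass without any trace, so a caller cannot tell a matching message from a tolerated one. A caller that opts in therefore has to compare the returned contentType with the types it accepts before acting on the content (presumably contentType is filled from the message further down; that code is outside this hunk). I would record that at the condition, e.g. `/* Caller asked to tolerate a content-type mismatch; it must check *contentType itself. */`. Whether undefined bits in `flags` are rejected is also not visible here; if they are not, an early check that returns an error for them would keep future flags from being silently ignored. hx509_cms_verify_signed starts and ends outside the hunk.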