diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2000-09-18 12:30:57 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2000-09-18 12:30:57 +0000 |
commit | 730e37edb64e653bfbcc1b932e0651452b52c60c (patch) | |
tree | 33ab7f76f802e00ffd89e8c08d0683ece3b86983 | |
parent | 4b6e6ab91cf6132e1c31236c984369b951c72cc6 (diff) | |
download | openssl-730e37edb64e653bfbcc1b932e0651452b52c60c.tar.gz |
Work around for Netscape PKCS#7 signedData bug.
-rw-r--r-- | CHANGES | 5 | ||||
-rw-r--r-- | crypto/pkcs7/pk7_smime.c | 5 |
2 files changed, 10 insertions, 0 deletions
@@ -4,6 +4,11 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] + *) Disable the check for content being present when verifying detached + signatures in pk7_smime.c. Some versions of Netscape (wrongly) + include zero length content when signing messages. + [Steve Henson] + *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR BIO_ctrl (for BIO pairs). diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index 2ececcd07e..d716f9faeb 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -172,12 +172,17 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); return 0; } +#if 0 + /* NB: this test commented out because some versions of Netscape + * illegally include zero length content when signing data. + */ /* Check for data and content: two sets of data */ if(!PKCS7_get_detached(p7) && indata) { PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); return 0; } +#endif sinfos = PKCS7_get_signer_info(p7); |