diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2004-03-27 22:49:28 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2004-03-27 22:49:28 +0000 |
| commit | e1a27eb34a6bf40af1bd6450d0fb3d57f6e24ab5 (patch) | |
| tree | 85542e68548159b865c01b76a96ffe8de2ff7beb /crypto/pkcs7 | |
| parent | 6446e0c3c8286428374ec738ffdc859802bd3c92 (diff) | |
Allow CRLs to be passed into X509_STORE_CTX. This is useful when the
verified structure can contain its own CRLs (such as PKCS#7 signedData).
Tidy up some of the verify code.
Diffstat (limited to 'crypto/pkcs7')
| -rw-r--r-- | crypto/pkcs7/pk7_smime.c | 2 | ||||
| -rw-r--r-- | crypto/pkcs7/pkcs7.h | 1 |
2 files changed, 3 insertions, 0 deletions
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index 333a8aa38d..6aca0222da 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -217,6 +217,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, sk_X509_free(signers); return 0; } + if (!(flags & PKCS7_NOCRL)) + X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); i = X509_verify_cert(&cert_ctx); if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); X509_STORE_CTX_cleanup(&cert_ctx); diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index 788cd5d6c0..9dc3c0caa0 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -265,6 +265,7 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_NOOLDMIMETYPE 0x400 #define PKCS7_CRLFEOL 0x800 #define PKCS7_STREAM 0x1000 +#define PKCS7_NOCRL 0x2000 /* Flags: for compatibility with older code */ |