diff options
| -rw-r--r-- | CHANGES | 5 | ||||
| -rw-r--r-- | crypto/cms/cms_smime.c | 2 | ||||
| -rw-r--r-- | crypto/pkcs7/pk7_smime.c | 3 | ||||
| -rw-r--r-- | crypto/x509/x509_vpm.c | 14 |
4 files changed, 19 insertions, 5 deletions
@@ -4,6 +4,11 @@ Changes between 0.9.8j and 0.9.8k [xx XXX xxxx] + *) Set S/MIME signing as the default purpose rather than setting it + unconditionally. This allows applications to override it at the store + level. + [Steve Henson] + *) Permit restricted recursion of ASN1 strings. This is needed in practice to handle some structures. [Steve Henson] diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index b9463f9abb..167daf5915 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -298,7 +298,7 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, CMS_R_STORE_INIT_ERROR); goto err; } - X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN); + X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); if (crls) X509_STORE_CTX_set0_crls(&ctx, crls); diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index c34db1d6fe..fd18ec3d95 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -229,8 +229,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, sk_X509_free(signers); return 0; } - X509_STORE_CTX_set_purpose(&cert_ctx, - X509_PURPOSE_SMIME_SIGN); + X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); sk_X509_free(signers); diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 4bdec58b9e..2b06718aec 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -74,7 +74,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) param->name = NULL; param->purpose = 0; param->trust = 0; - param->inh_flags = X509_VP_FLAG_DEFAULT; + param->inh_flags = 0; param->flags = 0; param->depth = -1; if (param->policies) @@ -324,7 +324,17 @@ static const X509_VERIFY_PARAM default_table[] = { NULL /* policies */ }, { - "pkcs7", /* SSL/TLS client parameters */ + "pkcs7", /* S/MIME signing parameters */ + 0, /* Check time */ + 0, /* internal flags */ + 0, /* flags */ + X509_PURPOSE_SMIME_SIGN, /* purpose */ + X509_TRUST_EMAIL, /* trust */ + -1, /* depth */ + NULL /* policies */ + }, + { + "smime_sign", /* S/MIME signing parameters */ 0, /* Check time */ 0, /* internal flags */ 0, /* flags */ |