diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-11-24 13:14:16 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-11-25 10:37:07 +0100 |
| commit | 242fcf9feb43e737bbb7c90f0f3a4f464ed1275b (patch) | |
| tree | 19782abda4e38e8c59231ff2a00ae85f415c7954 | |
| parent | 77302d85c4b090f5221bab512452a6487998a712 (diff) | |
| download | gnutls-242fcf9feb43e737bbb7c90f0f3a4f464ed1275b.tar.gz | |
pkcs7: pass the verification flags down to gnutls_x509_trust_list_verify_crt2, in find_signer()
This allows for flags like GNUTLS_VERIFY_DISABLE_TIME_CHECKS to apply when
verifying PKCS#7 structures.
| -rw-r--r-- | lib/x509/pkcs7.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index 565c8ed80e..f412df5cd5 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -1035,6 +1035,7 @@ static gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, gnutls_typed_vdata_st * vdata, unsigned vdata_size, + unsigned vflags, gnutls_pkcs7_signature_info_st * info) { gnutls_x509_crt_t issuer = NULL, crt = NULL; @@ -1152,7 +1153,7 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, _gnutls_cert_log("verifying with", crt); ret = gnutls_x509_trust_list_verify_crt2(tl, &crt, 1, vdata, - vdata_size, 0, &vtmp, + vdata_size, vflags, &vtmp, NULL); if (ret < 0 || vtmp != 0) { gnutls_assert(); /* maybe next one is trusted */ @@ -1247,7 +1248,7 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7, goto cleanup; } - signer = find_signer(pkcs7, tl, vdata, vdata_size, &info); + signer = find_signer(pkcs7, tl, vdata, vdata_size, flags, &info); if (signer) { ret = gnutls_x509_crt_verify_data3(signer, info.algo, vdata, vdata_size, |