From 242fcf9feb43e737bbb7c90f0f3a4f464ed1275b Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Thu, 24 Nov 2016 13:14:16 +0100
Subject: pkcs7: pass the verification flags down to gnutls_x509_trust_list_verify_crt2, in find_signer()
This allows for flags like GNUTLS_VERIFY_DISABLE_TIME_CHECKS to apply when verifying PKCS#7 structures.
---
 lib/x509/pkcs7.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 565c8ed80e..f412df5cd5 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -1035,6 +1035,7 @@ static
 gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
 gnutls_typed_vdata_st * vdata,
 unsigned vdata_size,
+ unsigned vflags,
 gnutls_pkcs7_signature_info_st * info)
 {
 gnutls_x509_crt_t issuer = NULL, crt = NULL;
@@ -1152,7 +1153,7 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
 _gnutls_cert_log("verifying with", crt);
 ret = gnutls_x509_trust_list_verify_crt2(tl, &crt, 1, vdata,
- vdata_size, 0, &vtmp,
+ vdata_size, vflags, &vtmp,
 NULL);
 if (ret < 0 || vtmp != 0) {
 gnutls_assert(); /* maybe next one is trusted */
@@ -1247,7 +1248,7 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7,
 goto cleanup;
 }
- signer = find_signer(pkcs7, tl, vdata, vdata_size, &info);
+ signer = find_signer(pkcs7, tl, vdata, vdata_size, flags, &info);
 if (signer) {
 ret = gnutls_x509_crt_verify_data3(signer, info.algo, vdata, vdata_size,
--
cgit v1.2.1
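Review bot: The new `vflags` parameter in the first hunk (find_signer's signature) carries no comment saying which flag namespace it takes or where it ends up. Since it changes a trust decision, I would document it above the function, for example `/* vflags: gnutls_certificate_verify_flags, forwarded unchanged to the trust-list verification of each candidate signer */`. The function body continues outside this hunk, so an existing header comment may only need one extra line.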
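Review bot: In the second hunk the whole caller-supplied flag word now reaches gnutls_x509_trust_list_verify_crt2, where the call used to pass 0. Every relaxation a caller gives gnutls_pkcs7_verify therefore also loosens chain validation of the signer, not only the GNUTLS_VERIFY_DISABLE_TIME_CHECKS case named in the description. The third hunk forwards the same `flags` value, so existing callers that set a flag with only the data-signature check in mind get a weaker signer-trust decision after upgrading without changing their code. If only the time-check relaxations are meant to apply here, mask at the call, `vdata_size, vflags & (GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS), &vtmp,`. If full pass-through is intended, the public documentation of gnutls_pkcs7_verify (not visible in this diff) should state that flags now govern the chain check as well. find_signer's body starts and ends outside this hunk.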