]>
Commit | Line | Data |
---|---|---|
7bf7a6d0 MTL |
1 | diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c |
2 | index bf24e92..cbd9669 100644 | |
3 | --- a/Cryptlib/Pk/CryptPkcs7Verify.c | |
4 | +++ b/Cryptlib/Pk/CryptPkcs7Verify.c | |
5 | @@ -30,6 +30,43 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. | |
6 | \r | |
7 | UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };\r | |
8 | \r | |
9 | +BOOLEAN ca_warning;\r | |
10 | +\r | |
11 | +void\r | |
12 | +clear_ca_warning()\r | |
13 | +{\r | |
14 | + ca_warning = FALSE;\r | |
15 | +}\r | |
16 | +\r | |
17 | +BOOLEAN\r | |
18 | +get_ca_warning()\r | |
19 | +{\r | |
20 | + return ca_warning;\r | |
21 | +}\r | |
22 | +\r | |
23 | +int\r | |
24 | +X509VerifyCb (\r | |
25 | + IN int Status,\r | |
26 | + IN X509_STORE_CTX *Context\r | |
27 | + )\r | |
28 | +{\r | |
29 | + INTN Error;\r | |
30 | +\r | |
31 | + Error = (INTN) X509_STORE_CTX_get_error (Context);\r | |
32 | +\r | |
33 | + if (Error == X509_V_ERR_INVALID_CA) {\r | |
34 | + /* Due to the historical reason, we have to relax the the x509 v3 extension\r | |
35 | + * check to allow the CA certificates without the CA flag in the basic\r | |
36 | + * constraints or KeyCertSign in the key usage to be loaded. In the future,\r | |
37 | + * this callback should be removed to enforce the proper check. */\r | |
38 | + ca_warning = TRUE;\r | |
39 | +\r | |
40 | + return 1;\r | |
41 | + }\r | |
42 | +\r | |
43 | + return Status;\r | |
44 | +}\r | |
45 | +\r | |
46 | /**\r | |
47 | Check input P7Data is a wrapped ContentInfo structure or not. If not construct\r | |
48 | a new structure to wrap P7Data.\r | |
49 | @@ -858,6 +895,8 @@ Pkcs7Verify ( | |
50 | goto _Exit;\r | |
51 | }\r | |
52 | \r | |
53 | + X509_STORE_set_verify_cb (CertStore, X509VerifyCb);\r | |
54 | +\r | |
55 | //\r | |
56 | // For generic PKCS#7 handling, InData may be NULL if the content is present\r | |
57 | // in PKCS#7 structure. So ignore NULL checking here.\r | |
58 | -- | |
59 | 2.14.2 | |
60 |