]> git.proxmox.com Git - mirror_edk2.git/blobdiff - CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
projects / mirror_edk2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
CryptoPkg BaseCryptLib: Init the content of struct 'CertCtx' before use
[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptX509.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index 5d6be6fce9e545408529b43c6baff85d059d8e08..7dc459675965e4d66b08cda67567b0d629fb047e 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -463,6 +463,13 @@ X509VerifyCert (
     goto _Exit;\r
   }\r
 \r
+  //\r
+  // Allow partial certificate chains, terminated by a non-self-signed but\r
+  // still trusted intermediate certificate. Also disable time checks.\r
+  //\r
+  X509_STORE_set_flags (CertStore,\r
+                        X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);\r
+\r
   //\r
   // Set up X509_STORE_CTX for the subsequent verification operation.\r
   //\r
EFI Development Kit II mirror for PVE