]> git.proxmox.com Git - mirror_edk2.git/commit
projects / mirror_edk2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e6eaada) | patch
CryptoPkg/BaseCryptLib: Use X509_V_FLAG_PARTIAL_CHAIN
authorDavid Woodhouse <David.Woodhouse@intel.com>
Thu, 29 Oct 2015 14:16:45 +0000 (14:16 +0000)
committerqlong <qlong@Edk2>
Thu, 29 Oct 2015 14:16:45 +0000 (14:16 +0000)
commit68547181f3c5b1c0a73e748b44be1f454e2f7e3c
tree0dcb20e11819754d9d84c172704d1c75a1e2fa57tree
parente6eaada46861a2a7c5a5370d74dafc731a587786commit | diff
CryptoPkg/BaseCryptLib: Use X509_V_FLAG_PARTIAL_CHAIN

Since OpenSSL 1.0.2 we can set this flag on the X509_STORE to instruct
OpenSSL to accept non-self-signed certificates as trusted. So we don't
need two entirely identical copies of a verify_cb() function which makes
it ignore the resulting errors.

We also *didn't* use that verify_cb() function for X509VerifyCert(), but
probably should have done. So that can get X509_V_FLAG_PARTIAL_CHAIN for
consistency, too.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18703 6f19259b-4bc3-4df7-8a09-765794883524
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c diff | blob | blame | history
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c diff | blob | blame | history
CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c diff | blob | blame | history
EFI Development Kit II mirror for PVE