# else\r
\r
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c\r
-index c4d3724..0996c39 100644\r
+index c4d3724..fd531c9 100644\r
--- a/crypto/pkcs7/pk7_smime.c\r
+++ b/crypto/pkcs7/pk7_smime.c\r
@@ -254,7 +254,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
int i, j = 0, k, ret = 0;\r
BIO *p7bio = NULL;\r
BIO *tmpin = NULL, *tmpout = NULL;\r
-@@ -275,12 +276,6 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
+@@ -274,12 +275,29 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
+ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);\r
return 0;\r
}\r
++#if 0\r
++ /*\r
++ * NB: this test commented out because some versions of Netscape\r
++ * illegally include zero length content when signing data. Also\r
++ * Microsoft Authenticode includes a SpcIndirectDataContent data\r
++ * structure which describes the content to be protected by the\r
++ * signature, rather than directly embedding that content. So\r
++ * Authenticode implementations are also expected to use\r
++ * PKCS7_verify() with explicit external data, on non-detached\r
++ * PKCS#7 signatures.\r
++ *\r
++ * In OpenSSL 1.1 a new flag PKCS7_NO_DUAL_CONTENT has been\r
++ * introduced to disable this sanity check. For the 1.0.2 branch\r
++ * this change is not acceptable, so the check remains completely\r
++ * commented out (as it has been for a long time).\r
++ */\r
+ \r
+ /* Check for data and content: two sets of data */\r
+ if (!PKCS7_get_detached(p7) && indata) {\r
+ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);\r
+ return 0;\r
+ }\r
++#endif\r
\r
-- /* Check for data and content: two sets of data */\r
-- if (!PKCS7_get_detached(p7) && indata) {\r
-- PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);\r
-- return 0;\r
-- }\r
--\r
sinfos = PKCS7_get_signer_info(p7);\r
\r
- if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {\r
-@@ -355,9 +350,14 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
+@@ -355,9 +373,14 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
} else\r
tmpout = out;\r
\r
if (i <= 0)\r
break;\r
if (tmpout)\r
-@@ -394,6 +394,9 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
+@@ -394,6 +417,9 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,\r
}\r
BIO_free_all(p7bio);\r
sk_X509_free(signers);\r