Commit 730e37ed authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Work around for Netscape PKCS#7 signedData bug.

parent 4b6e6ab9

CHANGES

+5 −0
Original line number Diff line number Diff line
@@ -4,6 +4,11 @@ 


 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]



  *) Disable the check for content being present when verifying detached

     signatures in pk7_smime.c. Some versions of Netscape (wrongly)

     include zero length content when signing messages.

     [Steve Henson]



  *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR

     BIO_ctrl (for BIO pairs).

crypto/pkcs7/pk7_smime.c

+5 −0
Original line number Diff line number Diff line
@@ -172,12 +172,17 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, 
		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);

		return 0;

	}

#if 0

	/* NB: this test commented out because some versions of Netscape

	 * illegally include zero length content when signing data.

	 */



	/* Check for data and content: two sets of data */

	if(!PKCS7_get_detached(p7) && indata) {

				PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);

		return 0;

	}

#endif



	sinfos = PKCS7_get_signer_info(p7);