Commit 8cff6331 authored Feb 01, 2001 by Dr. Stephen Henson

Tolerate some "variations" used in some

certificates.

One is a valid CA which has no basicConstraints
but does have certSign keyUsage.

Other is S/MIME signer with nonRepudiation but
no digitalSignature.

parent cd6aa710

CHANGES

+4 −0

Original line number	Diff line number	Diff line
		@@ -3,6 +3,10 @@

		Changes between 0.9.6 and 0.9.7 [xx XXX 2000]

		*) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
		keyUsage if basicConstraints absent for a CA.
		[Steve Henson]

		*) Make SMIME_write_PKCS7() write mail header values with a format that
		is more generally accepted (no spaces before the semicolon), since
		some programs can't parse those values properly otherwise. Also make

crypto/x509v3/v3_purp.c

+4 −2

Original line number	Diff line number	Diff line
		@@ -371,6 +371,8 @@ static int ca_check(const X509 *x)
		else return 0;
		} else {
		if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
		/* If key usage present it must have certSign so tolerate it */
		else if (x->ex_flags & EXFLAG_KUSAGE) return 3;
		else return 2;
		}
		}
		@@ -455,7 +457,7 @@ static int check_purpose_smime_sign(const X509_PURPOSE xp, const X509 x, int c
		int ret;
		ret = purpose_smime(x, ca);
		if(!ret \|\| ca) return ret;
		if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0;
		if(ku_reject(x, KU_DIGITAL_SIGNATURE\|KU_NON_REPUDIATION)) return 0;
		return ret;
		}