Don't force S/MIME signing purpose: allow it to be overridden by store
authorDr. Stephen Henson <steve@openssl.org>
Sun, 15 Mar 2009 13:36:01 +0000 (13:36 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 15 Mar 2009 13:36:01 +0000 (13:36 +0000)
settings.

Don't set default values in X509_VERIFY_PARAM_new(): it stops parameters
being inherited properly.

CHANGES
crypto/cms/cms_smime.c
crypto/pkcs7/pk7_smime.c
crypto/x509/x509_vpm.c

diff --git a/CHANGES b/CHANGES
index 8455d94d986009c0f021e3d29d4066ffc8e38569..fe35aa6ed789833e05fb8cba20db6aef076f08e2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 0.9.8j and 0.9.8k  [xx XXX xxxx]
 
+  *) Set S/MIME signing as the default purpose rather than setting it 
+     unconditionally. This allows applications to override it at the store
+     level.
+     [Steve Henson]
+
   *) Permit restricted recursion of ASN1 strings. This is needed in practice
      to handle some structures.
      [Steve Henson]
index b9463f9abbca5724b277a8efd662fcf651d9adce..167daf591537bbf1e7e42ddebe944950cada0b3e 100644 (file)
@@ -298,7 +298,7 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
                                                CMS_R_STORE_INIT_ERROR);
                goto err;
                }
-       X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN);
+       X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
        if (crls)
                X509_STORE_CTX_set0_crls(&ctx, crls);
 
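Review bot: The added call passes `&cert_ctx`, while the other calls in this hunk (the removed `set_purpose` line and `X509_STORE_CTX_set0_crls(&ctx, crls)` just below) operate on `&ctx`. Unless a `cert_ctx` is declared outside the visible lines, this looks like a copy from pk7_smime.c that will not compile, and it should read `X509_STORE_CTX_set_default(&ctx, "smime_sign");`. Separately, the return value is ignored here and in the PKCS7_verify hunk: X509_STORE_CTX_set_default() returns 0 when the named parameter set cannot be found or inherited, and then no S/MIME purpose or trust default is applied unless the store supplies one. Treating a zero return as an error, `if (!X509_STORE_CTX_set_default(&ctx, "smime_sign")) goto err;`, keeps the check fail-closed. The body of cms_signerinfo_verify_cert starts and ends outside the hunk.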
index c34db1d6fedfcd7ea00fb89c5f6617df538fcdc8..fd18ec3d95cfc45d5d0cff9f82363e8e9e8645a2 100644 (file)
@@ -229,8 +229,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
                                sk_X509_free(signers);
                                return 0;
                                }
-                       X509_STORE_CTX_set_purpose(&cert_ctx,
-                                               X509_PURPOSE_SMIME_SIGN);
+                       X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
                } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
                        PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
                        sk_X509_free(signers);
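Review bot: Only the first branch gets the `smime_sign` defaults; the `else if` branch that calls `X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)` shows no matching `X509_STORE_CTX_set_default()` in the visible lines, so that path may verify the signer without the S/MIME purpose and e-mail trust defaults. The removed `set_purpose` call had the same shape, so this may be intentional. Either move the call to after the if/else so both paths get it, or add a comment such as `/* no-chain path: smime_sign defaults not applied, see <reason> */`. PKCS7_verify continues outside the hunk, so a later call could already cover this.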
index 4bdec58b9e1437a07a1c7b2e0d235029c14729ed..2b06718aec2d5d7fca5e97ffb325470c4c1ad7b2 100644 (file)
@@ -74,7 +74,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
        param->name = NULL;
        param->purpose = 0;
        param->trust = 0;
-       param->inh_flags = X509_VP_FLAG_DEFAULT;
+       param->inh_flags = 0;
        param->flags = 0;
        param->depth = -1;
        if (param->policies)
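Review bot: The new `param->inh_flags = 0;` carries no comment explaining why the default-inheritance flag was dropped, and the change lands in `x509_verify_param_zero()` while the commit message speaks of `X509_VERIFY_PARAM_new()`. Any other caller of this helper (none are visible here) therefore changes behaviour too. A short comment such as `/* not X509_VP_FLAG_DEFAULT: it stops parameters being inherited properly */` would record the intent at the point of change. It is also worth confirming that callers which relied on a freshly zeroed param being treated as defaults still end up with the purpose and trust they expect after inheritance. The function body continues outside the hunk.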
@@ -324,7 +324,17 @@ static const X509_VERIFY_PARAM default_table[] = {
        NULL            /* policies */
        },
        {
-       "pkcs7",                        /* SSL/TLS client parameters */
+       "pkcs7",                        /* S/MIME signing parameters */
+       0,                              /* Check time */
+       0,                              /* internal flags */
+       0,                              /* flags */
+       X509_PURPOSE_SMIME_SIGN,        /* purpose */
+       X509_TRUST_EMAIL,               /* trust */
+       -1,                             /* depth */
+       NULL                            /* policies */
+       },
+       {
+       "smime_sign",                   /* S/MIME signing parameters */
        0,                              /* Check time */
        0,                              /* internal flags */
        0,                              /* flags */
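Review bot: The `"pkcs7"` and `"smime_sign"` entries end up with the same comment, `/* S/MIME signing parameters */`, so nothing tells a maintainer which name callers should use or that the older one is presumably kept as an alias. Something like `/* legacy name for the "smime_sign" parameters */` on the first entry would help. If `default_table` is searched by name with a binary search (the lookup is not visible here), the table must also stay sorted, which the new position after `"pkcs7"` satisfies. A one-line comment above the table stating that requirement would protect later additions, since a lookup miss would leave the S/MIME verification paths without their purpose and trust defaults. The table definition starts and ends outside the hunk.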