diff options
author | Kurt Zenker <kz@openoffice.org> | 2009-10-14 16:21:13 +0000 |
---|---|---|
committer | Kurt Zenker <kz@openoffice.org> | 2009-10-14 16:21:13 +0000 |
commit | 618a4653360de8d1584d9ece2288b475054eac78 (patch) | |
tree | 9b64d362c97ab7b1bc4da9c5f5c418729158a23b /libxmlsec/xmlsec1-noverify.patch | |
parent | #i105697# Patch by pjanik: Use 'linux-generic64' to configure openssl. (diff) | |
download | core-618a4653360de8d1584d9ece2288b475054eac78.tar.gz core-618a4653360de8d1584d9ece2288b475054eac78.zip |
CWS-TOOLING: integrate CWS jl135_nss
2009-10-01 15:20:03 +0200 jl r276605 : #1004856# moved to xmlsec1-mingw32.patch
2009-10-01 10:51:24 +0200 jl r276580 : #1004856# build keymgr with mingw
2009-10-01 10:50:52 +0200 jl r276579 : #1004856# build keymgr with mingw
2009-10-01 10:37:28 +0200 jl r276578 : #1004856# do not build xmlsec1 app
2009-09-29 16:01:31 +0200 jl r276532 : #1004856# Using libxml2 from solver if available
2009-09-26 16:31:32 +0200 jl r276477 : #i104856# xmlsec1-mscrypto-1 is now xmlsec1-mscrypto
2009-09-25 17:05:26 +0200 jl r276470 : CWS-TOOLING: rebase CWS jl135_nss to trunk@276429 (milestone: DEV300:m60)
2009-09-24 12:57:10 +0200 jl r276419 : #i104856# libxmlsec update
2009-09-24 12:46:58 +0200 jl r276418 : #i104856# fixing mac configure problem in configure.in and regenerating configure
2009-09-23 16:49:54 +0200 jl r276405 : i#104856# configure failed on mac
2009-09-23 10:21:35 +0200 jl r276369 : #i104856# adapting patches to apply cleanly and readme change
2009-09-21 13:45:47 +0200 jl r276326 : #i104856 updating to 1.2.12, using changes patches from cmc made on xmlsec1_2_12
2009-09-21 11:27:46 +0200 jl r276319 : #i105183# forget to uncomment PATCH_FILES
2009-09-18 17:41:20 +0200 jl r276296 : #i105183# update of nss libs
Diffstat (limited to 'libxmlsec/xmlsec1-noverify.patch')
-rw-r--r-- | libxmlsec/xmlsec1-noverify.patch | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/libxmlsec/xmlsec1-noverify.patch b/libxmlsec/xmlsec1-noverify.patch new file mode 100644 index 000000000000..0015c8e62e7a --- /dev/null +++ b/libxmlsec/xmlsec1-noverify.patch @@ -0,0 +1,59 @@ +--- misc/xmlsec1-1.2.12/src/mscrypto/x509vfy.c 2009-06-25 22:53:18.000000000 +0200 ++++ misc/build/xmlsec1-1.2.12/src/mscrypto/x509vfy.c 2009-09-23 10:01:07.237316078 +0200 +@@ -559,9 +559,16 @@ + CertFreeCertificateContext(nextCert); + } + +- if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { +- return(cert); +- } ++ /* JL: OpenOffice.org implements its own certificate verification routine. ++ The goal is to seperate validation of the signature ++ and the certificate. For example, OOo could show that the document signature is valid, ++ but the certificate could not be verified. If we do not prevent the verification of ++ the certificate by libxmlsec and the verification fails, then the XML signature will not be ++ verified. This would happen, for example, if the root certificate is not installed. ++ */ ++/* if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { */ ++ if (selected == 1) ++ return cert; + } + + return (NULL); +--- misc/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-09-23 10:06:52.989793254 +0200 ++++ misc/build/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-09-23 10:05:03.183042205 +0200 +@@ -191,13 +191,27 @@ + continue; + } + +- status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), +- cert, PR_FALSE, +- (SECCertificateUsage)0, +- timeboundary , NULL, NULL, NULL); +- if (status == SECSuccess) { +- break; +- } ++ ++ /* ++ JL: OpenOffice.org implements its own certificate verification routine. ++ The goal is to seperate validation of the signature ++ and the certificate. For example, OOo could show that the document signature is valid, ++ but the certificate could not be verified. If we do not prevent the verification of ++ the certificate by libxmlsec and the verification fails, then the XML signature may not be ++ verified. This would happen, for example, if the root certificate is not installed. ++ ++ status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), ++ cert, PR_FALSE, ++ (SECCertificateUsage)0, ++ timeboundary , NULL, NULL, NULL); ++ if (status == SECSuccess) { ++ break; ++ } ++ ++ */ ++ status = SECSuccess; ++ break; ++ + } + + if (status == SECSuccess) { |