| Caolán McNamara | 94bc499 | 2009-12-17 13:32:53 +0000 | [diff] [blame] | 1 | --- misc/xmlsec1-1.2.14/src/mscrypto/x509vfy.c 2009-06-25 22:53:18.000000000 +0200 |
| 2 | +++ misc/build/xmlsec1-1.2.14/src/mscrypto/x509vfy.c 2009-09-23 10:01:07.237316078 +0200 |
| 3 | @@ -567,9 +567,16 @@ |
| Kurt Zenker | 618a465 | 2009-10-14 16:21:13 +0000 | [diff] [blame] | 4 | CertFreeCertificateContext(nextCert); |
| 5 | } |
| 6 | |
| 7 | - if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { |
| 8 | - return(cert); |
| 9 | - } |
| 10 | + /* JL: OpenOffice.org implements its own certificate verification routine. |
| Tor Lillqvist | cb6d67c | 2013-05-15 10:42:04 +0300 | [diff] [blame] | 11 | + The goal is to separate validation of the signature |
| Kurt Zenker | 618a465 | 2009-10-14 16:21:13 +0000 | [diff] [blame] | 12 | + and the certificate. For example, OOo could show that the document signature is valid, |
| 13 | + but the certificate could not be verified. If we do not prevent the verification of |
| 14 | + the certificate by libxmlsec and the verification fails, then the XML signature will not be |
| 15 | + verified. This would happen, for example, if the root certificate is not installed. |
| 16 | + */ |
| 17 | +/* if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { */ |
| 18 | + if (selected == 1) |
| 19 | + return cert; |
| 20 | } |
| 21 | |
| 22 | return (NULL); |
| Caolán McNamara | 94bc499 | 2009-12-17 13:32:53 +0000 | [diff] [blame] | 23 | --- misc/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-09-23 10:06:52.989793254 +0200 |
| 24 | +++ misc/build/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-09-23 10:05:03.183042205 +0200 |
| Kurt Zenker | 618a465 | 2009-10-14 16:21:13 +0000 | [diff] [blame] | 25 | @@ -191,13 +191,27 @@ |
| 26 | continue; |
| 27 | } |
| 28 | |
| 29 | - status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), |
| 30 | - cert, PR_FALSE, |
| 31 | - (SECCertificateUsage)0, |
| 32 | - timeboundary , NULL, NULL, NULL); |
| 33 | - if (status == SECSuccess) { |
| 34 | - break; |
| 35 | - } |
| 36 | + |
| 37 | + /* |
| 38 | + JL: OpenOffice.org implements its own certificate verification routine. |
| Tor Lillqvist | cb6d67c | 2013-05-15 10:42:04 +0300 | [diff] [blame] | 39 | + The goal is to separate validation of the signature |
| Kurt Zenker | 618a465 | 2009-10-14 16:21:13 +0000 | [diff] [blame] | 40 | + and the certificate. For example, OOo could show that the document signature is valid, |
| 41 | + but the certificate could not be verified. If we do not prevent the verification of |
| 42 | + the certificate by libxmlsec and the verification fails, then the XML signature may not be |
| 43 | + verified. This would happen, for example, if the root certificate is not installed. |
| 44 | + |
| 45 | + status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), |
| 46 | + cert, PR_FALSE, |
| 47 | + (SECCertificateUsage)0, |
| 48 | + timeboundary , NULL, NULL, NULL); |
| 49 | + if (status == SECSuccess) { |
| 50 | + break; |
| 51 | + } |
| 52 | + |
| 53 | + */ |
| 54 | + status = SECSuccess; |
| 55 | + break; |
| 56 | + |
| 57 | } |
| 58 | |
| 59 | if (status == SECSuccess) { |