618a465336
2009-10-01 15:20:03 +0200 jl r276605 : #1004856# moved to xmlsec1-mingw32.patch 2009-10-01 10:51:24 +0200 jl r276580 : #1004856# build keymgr with mingw 2009-10-01 10:50:52 +0200 jl r276579 : #1004856# build keymgr with mingw 2009-10-01 10:37:28 +0200 jl r276578 : #1004856# do not build xmlsec1 app 2009-09-29 16:01:31 +0200 jl r276532 : #1004856# Using libxml2 from solver if available 2009-09-26 16:31:32 +0200 jl r276477 : #i104856# xmlsec1-mscrypto-1 is now xmlsec1-mscrypto 2009-09-25 17:05:26 +0200 jl r276470 : CWS-TOOLING: rebase CWS jl135_nss to trunk@276429 (milestone: DEV300:m60) 2009-09-24 12:57:10 +0200 jl r276419 : #i104856# libxmlsec update 2009-09-24 12:46:58 +0200 jl r276418 : #i104856# fixing mac configure problem in configure.in and regenerating configure 2009-09-23 16:49:54 +0200 jl r276405 : i#104856# configure failed on mac 2009-09-23 10:21:35 +0200 jl r276369 : #i104856# adapting patches to apply cleanly and readme change 2009-09-21 13:45:47 +0200 jl r276326 : #i104856 updating to 1.2.12, using changes patches from cmc made on xmlsec1_2_12 2009-09-21 11:27:46 +0200 jl r276319 : #i105183# forget to uncomment PATCH_FILES 2009-09-18 17:41:20 +0200 jl r276296 : #i105183# update of nss libs
59 lines
2.4 KiB
Diff
59 lines
2.4 KiB
Diff
--- misc/xmlsec1-1.2.12/src/mscrypto/x509vfy.c 2009-06-25 22:53:18.000000000 +0200
|
|
+++ misc/build/xmlsec1-1.2.12/src/mscrypto/x509vfy.c 2009-09-23 10:01:07.237316078 +0200
|
|
@@ -559,9 +559,16 @@
|
|
CertFreeCertificateContext(nextCert);
|
|
}
|
|
|
|
- if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
|
|
- return(cert);
|
|
- }
|
|
+ /* JL: OpenOffice.org implements its own certificate verification routine.
|
|
+ The goal is to seperate validation of the signature
|
|
+ and the certificate. For example, OOo could show that the document signature is valid,
|
|
+ but the certificate could not be verified. If we do not prevent the verification of
|
|
+ the certificate by libxmlsec and the verification fails, then the XML signature will not be
|
|
+ verified. This would happen, for example, if the root certificate is not installed.
|
|
+ */
|
|
+/* if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { */
|
|
+ if (selected == 1)
|
|
+ return cert;
|
|
}
|
|
|
|
return (NULL);
|
|
--- misc/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-09-23 10:06:52.989793254 +0200
|
|
+++ misc/build/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-09-23 10:05:03.183042205 +0200
|
|
@@ -191,13 +191,27 @@
|
|
continue;
|
|
}
|
|
|
|
- status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
|
|
- cert, PR_FALSE,
|
|
- (SECCertificateUsage)0,
|
|
- timeboundary , NULL, NULL, NULL);
|
|
- if (status == SECSuccess) {
|
|
- break;
|
|
- }
|
|
+
|
|
+ /*
|
|
+ JL: OpenOffice.org implements its own certificate verification routine.
|
|
+ The goal is to seperate validation of the signature
|
|
+ and the certificate. For example, OOo could show that the document signature is valid,
|
|
+ but the certificate could not be verified. If we do not prevent the verification of
|
|
+ the certificate by libxmlsec and the verification fails, then the XML signature may not be
|
|
+ verified. This would happen, for example, if the root certificate is not installed.
|
|
+
|
|
+ status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
|
|
+ cert, PR_FALSE,
|
|
+ (SECCertificateUsage)0,
|
|
+ timeboundary , NULL, NULL, NULL);
|
|
+ if (status == SECSuccess) {
|
|
+ break;
|
|
+ }
|
|
+
|
|
+ */
|
|
+ status = SECSuccess;
|
|
+ break;
|
|
+
|
|
}
|
|
|
|
if (status == SECSuccess) {
|