authorAnas Nashif <anas.nashif@intel.com>2013-09-23 07:49:26 (GMT)
committerAnas Nashif <anas.nashif@intel.com>2013-09-23 08:25:22 (GMT)
commit07d62412cf2891883d1a7d79e6f50e282793dd49 (patch)
tree73ab7b1a50e9e7060f8a4614e391fbd09c20f326
parent0dd87be2031855367eb1550538c1d62226137c02 (diff)
Change-Id: I567ca343602cf4230d21cd126b507ebb4d6436d4 Signed-off-by: Anas Nashif <anas.nashif@intel.com>
-rw-r--r--include/xmlsec/keyinfo.h4
-rw-r--r--src/openssl/x509vfy.c4
2 files changed, 8 insertions, 0 deletions
diff --git a/include/xmlsec/keyinfo.h b/include/xmlsec/keyinfo.h
index 5d7cf0e..19dcbb9 100644
--- a/include/xmlsec/keyinfo.h
+++ b/include/xmlsec/keyinfo.h
@@ -154,6 +154,10 @@ typedef enum {
*/
#define XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS 0x00004000
+
+#define XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN 0x00008000
+#define XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN 0x00000001
+
/**
* xmlSecKeyInfoCtx:
* @userData: the pointer to user data (xmlsec and xmlsec-crypto
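Review bot: The two new defines, `XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN` and `XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN`, are added without the doc comment that the flag just above them carries, and this header is where a caller would learn that the first one weakens certificate verification. As used in the src/openssl/x509vfy.c hunk, the flag turns every `ret != 1` result into success, so it appears to cover any verification failure (and any error return) rather than only an incomplete chain; each define should get a gtk-doc block in the file's existing style that states this and tells callers to test `flags2` for `XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN` before trusting the returned key. If only chain-building failures are meant to be tolerated, the condition in x509vfy.c would also need to look at the verification error code, which is not consulted in the visible lines. There the test would also read more clearly as `if(ret != 1 && (keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN) != 0) {`. The surrounding declarations in keyinfo.h continue outside this hunk.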
diff --git a/src/openssl/x509vfy.c b/src/openssl/x509vfy.c
index fe51da4..b5273a4 100644
--- a/src/openssl/x509vfy.c
+++ b/src/openssl/x509vfy.c
@@ -332,6 +332,10 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509*
depth = X509_STORE_CTX_get_error_depth(&xsc);
X509_STORE_CTX_cleanup (&xsc);
+ if(ret != 1 && keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN){
+ ret = 1;
+ keyInfoCtx->flags2 |= XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN;
+ }
if(ret == 1) {
res = cert;