summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnas Nashif <anas.nashif@intel.com>2012-11-22 10:31:57 -0800
committerAnas Nashif <anas.nashif@intel.com>2012-11-22 11:05:24 -0800
commit99f7699912b74f1b838bf5bf32ba3f983f323e97 (patch)
tree64d7bf284c9853fc24d77545b1442ab98c65cbac
parent5b008ed678c3dfb9a7759e0ee55f94ae2aa879d3 (diff)
downloadxmlsec1-99f7699912b74f1b838bf5bf32ba3f983f323e97.tar.gz
xmlsec1-99f7699912b74f1b838bf5bf32ba3f983f323e97.tar.bz2
xmlsec1-99f7699912b74f1b838bf5bf32ba3f983f323e97.zip
-rw-r--r--include/xmlsec/keyinfo.h11
-rw-r--r--packaging/xmlsec1.spec2
-rw-r--r--src/openssl/x509vfy.c12
-rw-r--r--xmlsec-openssl.pc.in2
-rw-r--r--xmlsec.pc.in2
5 files changed, 21 insertions, 8 deletions
diff --git a/include/xmlsec/keyinfo.h b/include/xmlsec/keyinfo.h
index dbea0e56..9b26f3dc 100644
--- a/include/xmlsec/keyinfo.h
+++ b/include/xmlsec/keyinfo.h
@@ -152,6 +152,17 @@ typedef enum {
*/
#define XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS 0x00004000
+/**
+ * XMLSEC_KEYINFO_FLAGS_SKIP_VERIFY_CHAIN:
+ *
+ * If the flag is set then we wont stop document validation
+ * on certificate chain error. Instead of stopping validation
+ * we'll just set flag XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN
+ * as flags2 value.
+ */
+#define XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN 0x00008000
+#define XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN 0x00000001
+
/**
* xmlSecKeyInfoCtx:
* @userData: the pointer to user data (xmlsec and xmlsec-crypto
diff --git a/packaging/xmlsec1.spec b/packaging/xmlsec1.spec
index 74d0d6f7..0d9d2375 100644
--- a/packaging/xmlsec1.spec
+++ b/packaging/xmlsec1.spec
@@ -84,7 +84,7 @@ make %{?_smp_mflags}
%files gcrypt
-%{_libdir}/libxmlsec1-gcrypt.so.*
+#%{_libdir}/libxmlsec1-gcrypt.so.*
%files openssl
%{_libdir}/libxmlsec1-openssl.so.*
diff --git a/src/openssl/x509vfy.c b/src/openssl/x509vfy.c
index 40264c0d..3b6c6af8 100644
--- a/src/openssl/x509vfy.c
+++ b/src/openssl/x509vfy.c
@@ -310,7 +310,6 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509*
X509_VERIFY_PARAM_set_flags(vpm, vpm_flags);
#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
-
X509_STORE_CTX_init (&xsc, ctx->xst, cert, certs2);
if(keyInfoCtx->certsVerificationTime > 0) {
@@ -325,14 +324,17 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509*
X509_STORE_CTX_set0_param(&xsc, vpm);
#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
-
ret = X509_verify_cert(&xsc);
err_cert = X509_STORE_CTX_get_current_cert(&xsc);
err = X509_STORE_CTX_get_error(&xsc);
depth = X509_STORE_CTX_get_error_depth(&xsc);
-
- X509_STORE_CTX_cleanup (&xsc);
-
+ X509_STORE_CTX_cleanup (&xsc);
+
+ if(ret != 1 && keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN){
+ ret = 1;
+ keyInfoCtx->flags2 |= XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN;
+ }
+
if(ret == 1) {
res = cert;
goto done;
diff --git a/xmlsec-openssl.pc.in b/xmlsec-openssl.pc.in
index 31fe2611..a1009c8d 100644
--- a/xmlsec-openssl.pc.in
+++ b/xmlsec-openssl.pc.in
@@ -7,5 +7,5 @@ Name: xmlsec1-openssl
Version: @VERSION@
Description: XML Security Library implements XML Signature and XML Encryption standards
Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@
-Cflags: -DXMLSEC_CRYPTO=\\\"openssl\\\" @XMLSEC_OPENSSL_CFLAGS@
+Cflags: -DXMLSEC_CRYPTO=openssl @XMLSEC_OPENSSL_CFLAGS@
Libs: @XMLSEC_OPENSSL_LIBS@
diff --git a/xmlsec.pc.in b/xmlsec.pc.in
index 2207b27d..7b607b61 100644
--- a/xmlsec.pc.in
+++ b/xmlsec.pc.in
@@ -7,5 +7,5 @@ Name: xmlsec1
Version: @VERSION@
Description: XML Security Library implements XML Signature and XML Encryption standards
Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@
-Cflags: -DXMLSEC_CRYPTO=\\\"@XMLSEC_CRYPTO@\\\" -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 @XMLSEC_CORE_CFLAGS@
+Cflags: -DXMLSEC_CRYPTO="@XMLSEC_CRYPTO@" -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 @XMLSEC_CORE_CFLAGS@
Libs: -L${libdir} @XMLSEC_CORE_LIBS@