-rw-r--r--include/xmlsec/keyinfo.h11
-rw-r--r--packaging/xmlsec1.spec2
-rw-r--r--src/openssl/x509vfy.c12
-rw-r--r--xmlsec-openssl.pc.in2
-rw-r--r--xmlsec.pc.in2
5 files changed, 21 insertions, 8 deletions
diff --git a/include/xmlsec/keyinfo.h b/include/xmlsec/keyinfo.h
index dbea0e56..9b26f3dc 100644
--- a/include/xmlsec/keyinfo.h
+++ b/include/xmlsec/keyinfo.h
@@ -152,6 +152,17 @@ typedef enum {
*/
#define XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS 0x00004000
+/**
+ * XMLSEC_KEYINFO_FLAGS_SKIP_VERIFY_CHAIN:
+ *
+ * If the flag is set then we wont stop document validation
+ * on certificate chain error. Instead of stopping validation
+ * we'll just set flag XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN
+ * as flags2 value.
+ */
+#define XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN 0x00008000
+#define XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN 0x00000001
+
/**
* xmlSecKeyInfoCtx:
* @userData: the pointer to user data (xmlsec and xmlsec-crypto
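Review bot: The doc block added at L20 names `XMLSEC_KEYINFO_FLAGS_SKIP_VERIFY_CHAIN`, but the macro it sits above is `XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN`, so the comment documents a symbol that does not exist and the real flag stays undocumented; change that line to ` * XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN:` (and "wont" to "won't"). The comment should also state the contract the flag creates: verification reports success for a chain the crypto backend rejected, and the only signal is the bit in `flags2`, so a caller that sets this flag has to test `flags2 & XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN` after processing before trusting the result. `XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN` (L28) gets its own doc block in the same style, e.g. ` * XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN:` followed by ` * Set in xmlSecKeyInfoCtx::flags2 when certificate chain verification failed but was ignored because XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN is set.` Whether 0x00008000 is free in the existing XMLSEC_KEYINFO_FLAGS_* range cannot be confirmed from this hunk.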
diff --git a/packaging/xmlsec1.spec b/packaging/xmlsec1.spec
index 74d0d6f7..0d9d2375 100644
--- a/packaging/xmlsec1.spec
+++ b/packaging/xmlsec1.spec
@@ -84,7 +84,7 @@ make %{?_smp_mflags}
%files gcrypt
-%{_libdir}/libxmlsec1-gcrypt.so.*
+#%{_libdir}/libxmlsec1-gcrypt.so.*
%files openssl
%{_libdir}/libxmlsec1-openssl.so.*
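Review bot: Commenting out the gcrypt entry at L40 as `#%{_libdir}/...` leaves a macro inside a spec comment, and rpm still expands macros in comments; it is harmless for `%{_libdir}` but is the pattern rpmlint warns about, and the now-empty `%files gcrypt` section at L38 is kept with no record of why the library is no longer shipped. Either drop the `%files gcrypt` section together with the entry, or write the line as `#%%{_libdir}/libxmlsec1-gcrypt.so.*` preceded by a comment naming the reason the gcrypt backend is excluded.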
diff --git a/src/openssl/x509vfy.c b/src/openssl/x509vfy.c
index 40264c0d..3b6c6af8 100644
--- a/src/openssl/x509vfy.c
+++ b/src/openssl/x509vfy.c
@@ -310,7 +310,6 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509*
X509_VERIFY_PARAM_set_flags(vpm, vpm_flags);
#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
-
X509_STORE_CTX_init (&xsc, ctx->xst, cert, certs2);
if(keyInfoCtx->certsVerificationTime > 0) {
@@ -325,14 +324,17 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509*
X509_STORE_CTX_set0_param(&xsc, vpm);
#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
-
ret = X509_verify_cert(&xsc);
err_cert = X509_STORE_CTX_get_current_cert(&xsc);
err = X509_STORE_CTX_get_error(&xsc);
depth = X509_STORE_CTX_get_error_depth(&xsc);
-
- X509_STORE_CTX_cleanup (&xsc);
-
+ X509_STORE_CTX_cleanup (&xsc);
+
+ if(ret != 1 && keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN){
+ ret = 1;
+ keyInfoCtx->flags2 |= XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN;
+ }
+
if(ret == 1) {
res = cert;
goto done;
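Review bot: When the override at L66 fires, the failure details just read into `err`, `err_cert` and `depth` (L58–L60) are discarded: `ret` is forced to 1, so whatever error reporting follows the `if(ret == 1)` branch is skipped and the caller learns only that some chain error occurred, not which certificate or why (expired, untrusted issuer, revoked). Record the original failure before overriding, for instance by emitting the same diagnostic the failure path uses with `err`, `depth` and `X509_verify_cert_error_string(err)`, so that every broken-chain acceptance is visible in logs and can be audited. Also parenthesize the test to match the file's style and make the precedence explicit: `if((ret != 1) && ((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN) != 0)) {`. xmlSecOpenSSLX509StoreVerify continues outside the hunk, so whether the later code consumes `err_cert` after the override is not visible here.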
diff --git a/xmlsec-openssl.pc.in b/xmlsec-openssl.pc.in
index 31fe2611..a1009c8d 100644
--- a/xmlsec-openssl.pc.in
+++ b/xmlsec-openssl.pc.in
@@ -7,5 +7,5 @@ Name: xmlsec1-openssl
Version: @VERSION@
Description: XML Security Library implements XML Signature and XML Encryption standards
Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@
-Cflags: -DXMLSEC_CRYPTO=\\\"openssl\\\" @XMLSEC_OPENSSL_CFLAGS@
+Cflags: -DXMLSEC_CRYPTO=openssl @XMLSEC_OPENSSL_CFLAGS@
Libs: @XMLSEC_OPENSSL_LIBS@
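Review bot: The two .pc templates now define XMLSEC_CRYPTO differently: xmlsec-openssl.pc.in (L83) emits `-DXMLSEC_CRYPTO=openssl`, a bare identifier, while xmlsec.pc.in (L94) emits `-DXMLSEC_CRYPTO="@XMLSEC_CRYPTO@"`, a string literal. The previous `\\\"...\\\"` form suggests the macro is consumed as a string, in which case code built with the openssl-specific flags alone will not compile, and a build that pulls in both files may see two conflicting definitions of the same macro. Use one form in both templates, presumably the quoted one from xmlsec.pc.in, and confirm that the quotes survive `pkg-config --cflags` output on the pkg-config versions the project supports.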
diff --git a/xmlsec.pc.in b/xmlsec.pc.in
index 2207b27d..7b607b61 100644
--- a/xmlsec.pc.in
+++ b/xmlsec.pc.in
@@ -7,5 +7,5 @@ Name: xmlsec1
Version: @VERSION@
Description: XML Security Library implements XML Signature and XML Encryption standards
Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@
-Cflags: -DXMLSEC_CRYPTO=\\\"@XMLSEC_CRYPTO@\\\" -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 @XMLSEC_CORE_CFLAGS@
+Cflags: -DXMLSEC_CRYPTO="@XMLSEC_CRYPTO@" -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 @XMLSEC_CORE_CFLAGS@
Libs: -L${libdir} @XMLSEC_CORE_LIBS@