vbatts/sbsigntools
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sbverify: Clear out content for the signature we're building

Browse source 
OpenSSL 1.0.2e now actively checks for both data and contents being present
for a certificate. Clear out contents so that we have only data, and run a
chance of actually verifying the signature.

Bug-Ubuntu: https://launchpad.net/bugs/1526959
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
This commit is contained in:
Mathieu Trudel-Lapierre 2016-01-27 12:18:28 -08:00 committed by James Bottomley
parent 1c9dfe7364
commit f37c1858fc
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/sbverify.c
View file

@ -325,6 +325,10 @@ int main(int argc, char **argv)
flags = PKCS7_BINARY;
/* OpenSSL 1.0.2e no longer allows calling PKCS7_verify with
* both data and content. Empty out the content. */
p7->d.sign->contents->d.ptr = NULL;
X509_STORE_set_verify_cb_func(certs, x509_verify_cb);
rc = PKCS7_verify(p7, NULL, certs, idcbio, NULL, flags);
if (rc) {