sbverify: Clear out content for the signature we're building
OpenSSL 1.0.2e now actively checks for both data and contents being present for a certificate. Clear out contents so that we have only data, and run a chance of actually verifying the signature. Bug-Ubuntu: https://launchpad.net/bugs/1526959 Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
This commit is contained in:
parent
1c9dfe7364
commit
f37c1858fc
1 changed files with 4 additions and 0 deletions
|
@ -325,6 +325,10 @@ int main(int argc, char **argv)
|
||||||
|
|
||||||
flags = PKCS7_BINARY;
|
flags = PKCS7_BINARY;
|
||||||
|
|
||||||
|
/* OpenSSL 1.0.2e no longer allows calling PKCS7_verify with
|
||||||
|
* both data and content. Empty out the content. */
|
||||||
|
p7->d.sign->contents->d.ptr = NULL;
|
||||||
|
|
||||||
X509_STORE_set_verify_cb_func(certs, x509_verify_cb);
|
X509_STORE_set_verify_cb_func(certs, x509_verify_cb);
|
||||||
rc = PKCS7_verify(p7, NULL, certs, idcbio, NULL, flags);
|
rc = PKCS7_verify(p7, NULL, certs, idcbio, NULL, flags);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
|
|
Loading…
Reference in a new issue