sbsigntool/files/patch-src-sbverify.c
- This file was added.
Property | Old Value | New Value |
---|---|---|
fbsd:nokeywords | null | yes \ No newline at end of property |
svn:eol-style | null | native \ No newline at end of property |
svn:keywords | null | FreeBSD=%H \ No newline at end of property |
svn:mime-type | null | text/plain \ No newline at end of property |
--- src/sbverify.c.orig 2012-10-11 17:15:11.000000000 -0700 | |||||
+++ src/sbverify.c 2021-01-05 20:52:29.847511000 -0800 | |||||
@@ -123,9 +123,9 @@ | |||||
for (i = 0; i < sk_X509_num(p7->d.sign->cert); i++) { | |||||
cert = sk_X509_value(p7->d.sign->cert, i); | |||||
- X509_NAME_oneline(cert->cert_info->subject, | |||||
+ X509_NAME_oneline(X509_get_subject_name(cert), | |||||
subject_name, cert_name_len); | |||||
- X509_NAME_oneline(cert->cert_info->issuer, | |||||
+ X509_NAME_oneline(X509_get_issuer_name(cert), | |||||
issuer_name, cert_name_len); | |||||
printf(" - subject: %s\n", subject_name); | |||||
@@ -136,20 +136,26 @@ | |||||
static void print_certificate_store_certs(X509_STORE *certs) | |||||
{ | |||||
char subject_name[cert_name_len + 1], issuer_name[cert_name_len + 1]; | |||||
+ STACK_OF(X509_OBJECT) *objs; | |||||
X509_OBJECT *obj; | |||||
+ X509 *cert; | |||||
int i; | |||||
printf("certificate store:\n"); | |||||
- for (i = 0; i < sk_X509_OBJECT_num(certs->objs); i++) { | |||||
- obj = sk_X509_OBJECT_value(certs->objs, i); | |||||
+ objs = X509_STORE_get0_objects(certs); | |||||
- if (obj->type != X509_LU_X509) | |||||
+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { | |||||
+ obj = sk_X509_OBJECT_value(objs, i); | |||||
+ | |||||
+ if (X509_OBJECT_get_type(obj) != X509_LU_X509) | |||||
continue; | |||||
- X509_NAME_oneline(obj->data.x509->cert_info->subject, | |||||
+ cert = X509_OBJECT_get0_X509(obj); | |||||
+ | |||||
+ X509_NAME_oneline(X509_get_subject_name(cert), | |||||
subject_name, cert_name_len); | |||||
- X509_NAME_oneline(obj->data.x509->cert_info->issuer, | |||||
+ X509_NAME_oneline(X509_get_issuer_name(cert), | |||||
issuer_name, cert_name_len); | |||||
printf(" - subject: %s\n", subject_name); | |||||
@@ -182,12 +188,21 @@ | |||||
static int cert_in_store(X509 *cert, X509_STORE_CTX *ctx) | |||||
{ | |||||
- X509_OBJECT obj; | |||||
+ STACK_OF(X509_OBJECT) *objs; | |||||
+ X509_OBJECT *obj; | |||||
+ int i; | |||||
- obj.type = X509_LU_X509; | |||||
- obj.data.x509 = cert; | |||||
+ objs = X509_STORE_get0_objects(X509_STORE_CTX_get0_store(ctx)); | |||||
- return X509_OBJECT_retrieve_match(ctx->ctx->objs, &obj) != NULL; | |||||
+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { | |||||
+ obj = sk_X509_OBJECT_value(objs, i); | |||||
+ | |||||
+ if (X509_OBJECT_get_type(obj) == X509_LU_X509 && | |||||
+ !X509_cmp(X509_OBJECT_get0_X509(obj), cert)) | |||||
+ return 1; | |||||
+ } | |||||
+ | |||||
+ return 0; | |||||
} | |||||
static int x509_verify_cb(int status, X509_STORE_CTX *ctx) | |||||
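Review bot: The new loop in cert_in_store re-implements the exact-match lookup that `X509_OBJECT_retrieve_match()` used to provide, but nothing in the hunk records that the comparison must stay exact; since this function is the gate for the "certs given with --cert are trusted" shortcut in x509_verify_cb, a later switch to a subject-name or hash-only comparison would quietly widen what is accepted. I would add above the `for` at the `objs` scan: `/* Exact match only: X509_cmp() compares the encoded certificate, mirroring the X509_OBJECT_retrieve_match() lookup this replaces; a name-based match would accept any cert that merely shares a subject with a --cert file. */`. X509_STORE_get0_objects() dereferences its argument, so this relies on X509_STORE_CTX_get0_store() being non-NULL — presumably true because ctx comes from the verify callback of a store-backed context, but worth confirming rather than assuming.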
@@ -195,15 +210,17 @@ | |||||
int err = X509_STORE_CTX_get_error(ctx); | |||||
/* also accept code-signing keys */ | |||||
- if (err == X509_V_ERR_INVALID_PURPOSE | |||||
- && ctx->cert->ex_xkusage == XKU_CODE_SIGN) | |||||
+ if (err == X509_V_ERR_INVALID_PURPOSE && | |||||
+ X509_get_extended_key_usage(X509_STORE_CTX_get0_cert(ctx)) | |||||
+ == XKU_CODE_SIGN) | |||||
status = 1; | |||||
/* all certs given with the --cert argument are trusted */ | |||||
else if (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY || | |||||
+ err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT || | |||||
err == X509_V_ERR_CERT_UNTRUSTED) { | |||||
- if (cert_in_store(ctx->current_cert, ctx)) | |||||
+ if (cert_in_store(X509_STORE_CTX_get_current_cert(ctx), ctx)) | |||||
status = 1; | |||||
} | |||||
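Review bot: Adding `X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT` to the errors that trigger the --cert trust shortcut is a trust-widening change with no comment saying why; I believe newer OpenSSL reports this code instead of the `_LOCALLY` variant when the untrusted chain has more than one certificate and the top issuer is missing, and that reason should be stated so nobody drops either the line or the store check that gates it. I would comment the added line: `/* newer OpenSSL reports this instead of _LOCALLY for multi-cert chains */` and note on the `cert_in_store(...)` call that it is the only thing keeping this branch from trusting arbitrary certificates. Separately, `X509_get_extended_key_usage()` returns a bitmask, so the `== XKU_CODE_SIGN` comparison keeps the old `ex_xkusage ==` semantics and rejects a certificate that asserts code signing together with any other EKU; a `/* exact: codeSigning must be the only EKU, as before */` comment would mark that as intentional rather than an accidental strictness.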