Allow reordering of certificates when signing.

Add certificates if -nocerts and -certfile specified when signing
in smime application. This can be used this to specify the
order certificates appear in the PKCS#7 structure: some broken
applications require a certain ordering.

PR#3316
(cherry picked from commit e114abee9ec084a56c1d6076ac6de8a7a3a5cf34)

diff --git a/apps/smime.c b/apps/smime.c
index d1fe32d31b3f57268697f4e489545bf7c489008e..d1ee48937e6d8b2b31fabc5ad09f9938423e413b 100644 (file)
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -704,6 +704,14 @@ int MAIN(int argc, char **argv)
                        p7 = PKCS7_sign(NULL, NULL, other, in, flags);
                        if (!p7)
                                goto end;
+                       if (flags & PKCS7_NOCERTS)
+                               {
+                               for (i = 0; i < sk_X509_num(other); i++)
+                                       {
+                                       X509 *x = sk_X509_value(other, i);
+                                       PKCS7_add_certificate(p7, x);
+                                       }
+                               }
                        }
                else
                        flags |= PKCS7_REUSE_DIGEST;