From 812b7246d4b4033361342b2ef34fd24e73303add Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Mon, 2 Jun 2014 13:40:00 +0100
Subject: [PATCH] Make PKCS7_NOCERTS match documentation.
As documented PKCS7_NOCERTS should only exclude the signer's certificate and not any supplied in the "certs" parameter. This makes it possible to exclude the signer's certificate but include other certificates. Applications that don't want to include other certificates should set "certs" to NULL anyway.
(cherry picked from commit 5c6f808b66f1a2e0fb2a508b24b845a88803fe3a)
---
crypto/pkcs7/pk7_smime.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index a5104f8d05..42899a82c4 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -89,13 +89,10 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
 goto err;
 }
- if(!(flags & PKCS7_NOCERTS))
+ for(i = 0; i < sk_X509_num(certs); i++)
 {
- for(i = 0; i < sk_X509_num(certs); i++)
- {
- if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
- goto err;
- }
+ if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
+ goto err;
 }
 if(flags & PKCS7_DETACHED)
--
2.25.1
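Review bot: The certificate loop in PKCS7_sign() now runs regardless of `flags`, and nothing at the loop says this is deliberate, so a later reader may take the missing PKCS7_NOCERTS test for an oversight and restore it. A short comment above the `for` would pin the contract, for example `/* PKCS7_NOCERTS only omits the signer's certificate; every entry in certs is still embedded */`. Because this is a cherry-pick, existing callers that pass PKCS7_NOCERTS together with a non-NULL `certs` will start embedding those certificates in the signed output, which deserves a changelog entry and a regression test that checks the embedded certificate set with and without the flag. Where the signer's own certificate is suppressed is not visible here, since the function starts before and continues after this hunk.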