projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: db30512)
Make PKCS7_NOCERTS match documentation.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 2 Jun 2014 12:40:00 +0000 (13:40 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 2 Jun 2014 12:53:51 +0000 (13:53 +0100)
As documented PKCS7_NOCERTS should only exclude the signer's certificate
and not any supplied in the "certs" parameter. This makes it possible to
exclude the signer's certificate but include other certificates. Applications
that don't want to include other certificates should set "certs" to NULL
anyway.
(cherry picked from commit 5c6f808b66f1a2e0fb2a508b24b845a88803fe3a)

crypto/pkcs7/pk7_smime.c patch | blob | history

diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index a5104f8d05af7d826c5dd4c01e52ae3b9294499e..42899a82c4e95a976aeca26ca6d87e884784f1ab 100644 (file)
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -89,13 +89,10 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                goto err;
                }
 
-       if(!(flags & PKCS7_NOCERTS))
+       for(i = 0; i < sk_X509_num(certs); i++)
                {
-               for(i = 0; i < sk_X509_num(certs); i++)
-                       {
-                       if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
-                               goto err;
-                       }
+               if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
+                       goto err;
                }
 
        if(flags & PKCS7_DETACHED)
Unnamed repository; edit this file 'description' to name the repository.