Unapplying patches to prevent spurious conflicts.

author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com> 2015-05-06 09:49:30 -0400
committer: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com> 2015-05-06 09:49:30 -0400
commit: 2283f5e85dbc78dd10810cb6ebfa39e61ab6759e (patch)
tree: 88017c6acfa326ebaab2d7a4935534f65a36db9b /Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
parent: 3967dc652453e47ecd5f21a55bb687be15c59e9c (diff)
download: efi-boot-shim-2283f5e85dbc78dd10810cb6ebfa39e61ab6759e.tar.gz
efi-boot-shim-2283f5e85dbc78dd10810cb6ebfa39e61ab6759e.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
index b87617ac..af12520f 100755
--- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
@@ -386,7 +386,11 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 
 static int check_chain_extensions(X509_STORE_CTX *ctx)
 {
-#ifdef OPENSSL_NO_CHAIN_VERIFY
+#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)
+  /* 
+    NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting
+          in Authenticode Signing Certificates. 
+  */
 	return 1;
 #else
 	int i, ok=0, must_be_ca, plen = 0;
author	Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>	2015-05-06 09:49:30 -0400
committer	Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>	2015-05-06 09:49:30 -0400
commit	2283f5e85dbc78dd10810cb6ebfa39e61ab6759e (patch)
tree	88017c6acfa326ebaab2d7a4935534f65a36db9b /Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
parent	3967dc652453e47ecd5f21a55bb687be15c59e9c (diff)
download	efi-boot-shim-2283f5e85dbc78dd10810cb6ebfa39e61ab6759e.tar.gz efi-boot-shim-2283f5e85dbc78dd10810cb6ebfa39e61ab6759e.zip