From 62f0afa2ecead02b1258dabab8097ca278a22f8f Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Wed, 21 Sep 2016 20:29:42 -0400 Subject: Import upstream version 0.9+1474479173.6c180c6 --- Cryptlib/Pk/CryptX509.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'Cryptlib/Pk/CryptX509.c') diff --git a/Cryptlib/Pk/CryptX509.c b/Cryptlib/Pk/CryptX509.c index 70b135a7..7dc45967 100644 --- a/Cryptlib/Pk/CryptX509.c +++ b/Cryptlib/Pk/CryptX509.c @@ -14,7 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "InternalCryptLib.h" #include - +#include /** Construct a X509 object from DER-encoded certificate data. @@ -245,6 +245,7 @@ X509GetSubjectName ( BOOLEAN Status; X509 *X509Cert; X509_NAME *X509Name; + UINTN X509NameSize; // // Check input parameters. @@ -274,13 +275,14 @@ X509GetSubjectName ( goto _Exit; } - if (*SubjectSize < (UINTN) X509Name->bytes->length) { - *SubjectSize = (UINTN) X509Name->bytes->length; + X509NameSize = i2d_X509_NAME(X509Name, NULL); + if (*SubjectSize < X509NameSize) { + *SubjectSize = X509NameSize; goto _Exit; } - *SubjectSize = (UINTN) X509Name->bytes->length; + *SubjectSize = X509NameSize; if (CertSubject != NULL) { - CopyMem (CertSubject, (UINT8 *) X509Name->bytes->data, *SubjectSize); + i2d_X509_NAME(X509Name, &CertSubject); Status = TRUE; } @@ -461,6 +463,13 @@ X509VerifyCert ( goto _Exit; } + // + // Allow partial certificate chains, terminated by a non-self-signed but + // still trusted intermediate certificate. Also disable time checks. + // + X509_STORE_set_flags (CertStore, + X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME); + // // Set up X509_STORE_CTX for the subsequent verification operation. // -- cgit v1.2.3
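Review bot: In the `@@ -274,13 +275,14 @@` hunk, the result of `i2d_X509_NAME(X509Name, NULL)` is stored directly in the unsigned `X509NameSize`, so a negative error return becomes a very large value that is then written to `*SubjectSize` as the required buffer length. Hold the result in a signed local declared with the other locals and bail out first, e.g. `Len = i2d_X509_NAME (X509Name, NULL); if (Len < 0) { goto _Exit; }`, and only then assign `X509NameSize = (UINTN) Len;`. The second call, `i2d_X509_NAME(X509Name, &CertSubject)`, is also unchecked, so `Status = TRUE` is set even if encoding fails; `Status = (BOOLEAN) (i2d_X509_NAME (X509Name, &CertSubject) > 0);` would tie the reported success to the actual write. X509GetSubjectName begins and ends outside this hunk.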
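Review bot: The comment above the `X509_STORE_set_flags` call added in the `@@ -461,6 +463,13 @@` hunk restates the two flags but does not say why dropping validity-period checks and accepting partial chains is safe here. With `X509_V_FLAG_NO_CHECK_TIME` set on the store, every verification that uses this store accepts expired or not-yet-valid certificates, and with `X509_V_FLAG_PARTIAL_CHAIN` any certificate loaded into `CertStore` acts as a trust anchor. The comment should record the rationale (presumably no trusted time source in this environment; confirm). It should also say that callers must put only fully trusted certificates in the store and must retire compromised certificates by some other mechanism. The call's return value is also ignored; `if (!X509_STORE_set_flags (CertStore, X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME)) { goto _Exit; }` would stop the function from continuing with a configuration it did not intend. X509VerifyCert's body extends beyond the hunk.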