Bump for 4.0-11
[LibreOffice.git] / libxmlsec / xmlsec1-noverify.patch
blobc51540caa2aa4ff483b95e255459ed71527bddbf
1 --- misc/xmlsec1-1.2.14/src/mscrypto/x509vfy.c 2009-06-25 22:53:18.000000000 +0200
2 +++ misc/build/xmlsec1-1.2.14/src/mscrypto/x509vfy.c 2009-09-23 10:01:07.237316078 +0200
3 @@ -567,9 +567,16 @@
4 CertFreeCertificateContext(nextCert);
7 - if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
8 - return(cert);
9 - }
10 + /* JL: OpenOffice.org implements its own certificate verification routine.
11 + The goal is to seperate validation of the signature
12 + and the certificate. For example, OOo could show that the document signature is valid,
13 + but the certificate could not be verified. If we do not prevent the verification of
14 + the certificate by libxmlsec and the verification fails, then the XML signature will not be
15 + verified. This would happen, for example, if the root certificate is not installed.
16 + */
17 +/* if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { */
18 + if (selected == 1)
19 + return cert;
22 return (NULL);
23 --- misc/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-09-23 10:06:52.989793254 +0200
24 +++ misc/build/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-09-23 10:05:03.183042205 +0200
25 @@ -191,13 +191,27 @@
26 continue;
29 - status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
30 - cert, PR_FALSE,
31 - (SECCertificateUsage)0,
32 - timeboundary , NULL, NULL, NULL);
33 - if (status == SECSuccess) {
34 - break;
35 - }
37 + /*
38 + JL: OpenOffice.org implements its own certificate verification routine.
39 + The goal is to seperate validation of the signature
40 + and the certificate. For example, OOo could show that the document signature is valid,
41 + but the certificate could not be verified. If we do not prevent the verification of
42 + the certificate by libxmlsec and the verification fails, then the XML signature may not be
43 + verified. This would happen, for example, if the root certificate is not installed.
45 + status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
46 + cert, PR_FALSE,
47 + (SECCertificateUsage)0,
48 + timeboundary , NULL, NULL, NULL);
49 + if (status == SECSuccess) {
50 + break;
51 + }
53 + */
54 + status = SECSuccess;
55 + break;
59 if (status == SECSuccess) {