diff options
| author | Gabor Kelemen <kelemeng@ubuntu.com> | 2022-04-05 14:35:48 +0200 |
|---|---|---|
| committer | Gabor Kelemen <kelemeng@ubuntu.com> | 2022-04-05 14:35:48 +0200 |
| commit | cb53bee61713cd02364d64dc4906e3be1ff324a1 (patch) | |
| tree | 6f5dd61185b42fa2128e3a3aec930eb21d091b54 | |
| parent | 280f94caa6ce372de6c5278241622eef948db43a (diff) | |
Revert "only use X509Data"
This reverts commit 5c494aa3c72b1f833999bdc55a7cdf9403678f87.
Not helpful in itself, revert until all xmlsecurity is backported
| -rw-r--r-- | xmlsecurity/inc/xmlsec-wrapper.h | 4 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx | 4 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx | 4 |
3 files changed, 0 insertions, 12 deletions
diff --git a/xmlsecurity/inc/xmlsec-wrapper.h b/xmlsecurity/inc/xmlsec-wrapper.h index 476c51b3f964..c060c8bf23b8 100644 --- a/xmlsecurity/inc/xmlsec-wrapper.h +++ b/xmlsecurity/inc/xmlsec-wrapper.h @@ -43,10 +43,6 @@ #include <xmlsec/nss/app.h> #include <xmlsec/nss/crypto.h> #include <xmlsec/nss/pkikeys.h> -#include <xmlsec/nss/x509.h> -#endif -#ifdef XMLSEC_CRYPTO_MSCRYPTO -#include <xmlsec/mscrypto/x509.h> #endif #endif diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx index 118ddcbf8696..6b16efd46752 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx +++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx @@ -229,10 +229,6 @@ SAL_CALL XMLSignature_MSCryptImpl::validate( // We do certificate verification ourselves. pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; - // limit possible key data to valid X509 certificates only, no KeyValues - if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecMSCryptoKeyDataX509GetKlass()) < 0) - throw RuntimeException("failed to limit allowed key data"); - //Verify signature //The documentation says that the signature is only valid if the return value is 0 (that is, not < 0) //AND pDsigCtx->status == xmlSecDSigStatusSucceeded. That is, we must not make any assumptions, if diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx index c4e21d791c2d..e50daa47e868 100644 --- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx @@ -244,10 +244,6 @@ SAL_CALL XMLSignature_NssImpl::validate( // We do certificate verification ourselves. pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; - // limit possible key data to valid X509 certificates only, no KeyValues - if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecNssKeyDataX509GetKlass()) < 0) - throw RuntimeException("failed to limit allowed key data"); - //Verify signature int rs = xmlSecDSigCtxVerify( pDsigCtx.get() , pNode ); |