[rs-commit] r421 - /mod_cms_verify/trunk/mod_cms_verify.c

rs-commit at redwax.eu rs-commit at redwax.eu
Sat Aug 7 18:53:41 CEST 2021


Author: dirkx at redwax.eu
Date: Sat Aug  7 18:53:40 2021
New Revision: 421

Log:
Allow any purpose, as most CAs these days tighten up the purpose field.

Modified:
    mod_cms_verify/trunk/mod_cms_verify.c

Modified: mod_cms_verify/trunk/mod_cms_verify.c
==============================================================================
--- mod_cms_verify/trunk/mod_cms_verify.c	(original)
+++ mod_cms_verify/trunk/mod_cms_verify.c	Sat Aug  7 18:53:40 2021
@@ -56,8 +56,8 @@
 #include "apr_general.h"
 #include "util_filter.h"
 
-#define DEFAULT_MD (NID_sha256)
-#define HANDLER "cmsverify"
+#define DEFAULT_MD     (NID_sha256)
+#define HANDLER        "cmsverify"
 #define MAX_PKCS7_SIZE (128 * 1024)
 
 #define STRINGIFY(x) #x
@@ -116,11 +116,13 @@
 
     if (
 	((conf->other_certs = sk_X509_new(NULL)) == NULL) ||
-	((conf->trusted_certs = X509_STORE_new()) == NULL)
-	) {
+	((conf->trusted_certs = X509_STORE_new()) == NULL) ||
+        ((X509_STORE_set_purpose(conf->trusted_certs, X509_PURPOSE_ANY)) != 1)
+    ) {
 	ap_log_perror(APLOG_MARK, APLOG_ERR, 0, p, HANDLER ": out of memory");
 	return NULL;
     };
+
     apr_pool_cleanup_register(p, conf, verify_config_rec_cleanup, apr_pool_cleanup_null);
     return conf;
 }
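Review bot: Setting `X509_PURPOSE_ANY` on `conf->trusted_certs` turns off the certificate-purpose check for every store built here, so any certificate that chains to a configured trust anchor is presumably accepted as a CMS signer whatever its key usage or extended key usage says; nothing in the hunk makes this optional or records it. I would add a comment above the call, e.g. `/* X509_PURPOSE_ANY: signer certs are not purpose-checked; trust rests on the configured CA set alone */`, and consider making the relaxation a per-directory setting that defaults to the stricter check. Separately, a failure of `X509_STORE_set_purpose()` is logged as `HANDLER ": out of memory"`, which misreports the cause; a separate test with its own message such as `HANDLER ": cannot set verification purpose"` would help. The cleanup is registered only after this check, so the stack and store already allocated look unreleased on the early `return NULL`, unless the pool handles them elsewhere. The function starts above the hunk.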
@@ -145,7 +147,6 @@
     verify_config_rec *new = _create_dir_config(p, NULL);
     verify_config_rec *add = (verify_config_rec *) addv;
     verify_config_rec *base = (verify_config_rec *) basev;
-
 
     _merge_X509_STORE(new->trusted_certs, base->trusted_certs);
     _merge_X509_STORE(new->trusted_certs, base->trusted_certs);
@@ -238,6 +239,7 @@
 		      ERR_reason_error_string(ERR_get_error()));
 	goto exit;
     };
+
     ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, HANDLER ": valid signature, subject=<%s>.", dn);
 
     const char *ptr = NULL;


