CWS-TOOLING: integrate CWS jl135_nss

2009-10-01 15:20:03 +0200 jl  r276605 : #1004856# moved to xmlsec1-mingw32.patch
2009-10-01 10:51:24 +0200 jl  r276580 : #1004856# build keymgr with mingw
2009-10-01 10:50:52 +0200 jl  r276579 : #1004856# build keymgr with mingw
2009-10-01 10:37:28 +0200 jl  r276578 : #1004856# do not build xmlsec1 app
2009-09-29 16:01:31 +0200 jl  r276532 : #1004856# Using libxml2 from solver if available
2009-09-26 16:31:32 +0200 jl  r276477 : #i104856# xmlsec1-mscrypto-1 is now xmlsec1-mscrypto
2009-09-25 17:05:26 +0200 jl  r276470 : CWS-TOOLING: rebase CWS jl135_nss to trunk@276429 (milestone: DEV300:m60)
2009-09-24 12:57:10 +0200 jl  r276419 : #i104856# libxmlsec update
2009-09-24 12:46:58 +0200 jl  r276418 : #i104856# fixing mac configure problem in configure.in and regenerating configure
2009-09-23 16:49:54 +0200 jl  r276405 : i#104856# configure failed on mac
2009-09-23 10:21:35 +0200 jl  r276369 : #i104856# adapting patches to apply cleanly and readme change
2009-09-21 13:45:47 +0200 jl  r276326 : #i104856 updating to 1.2.12, using changes patches from cmc made on xmlsec1_2_12
2009-09-21 11:27:46 +0200 jl  r276319 : #i105183# forget to uncomment PATCH_FILES
2009-09-18 17:41:20 +0200 jl  r276296 : #i105183# update of nss libs

1 files changed, 59 insertions, 0 deletions

diff --git a/libxmlsec/xmlsec1-noverify.patch b/libxmlsec/xmlsec1-noverify.patch
new file mode 100644
index 000000000000..0015c8e62e7a
--- /dev/null
+++ b/libxmlsec/xmlsec1-noverify.patch
@@ -0,0 +1,59 @@
+--- misc/xmlsec1-1.2.12/src/mscrypto/x509vfy.c	2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/x509vfy.c	2009-09-23 10:01:07.237316078 +0200
+@@ -559,9 +559,16 @@
+             CertFreeCertificateContext(nextCert);                
+         }
+ 
+-        if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
+-            return(cert);
+-        }
++        /* JL: OpenOffice.org implements its own certificate verification routine. 
++           The goal is to seperate validation of the signature
++           and the certificate. For example, OOo could show that the document signature is valid,
++           but the certificate could not be verified. If we do not prevent the verification of
++           the certificate by libxmlsec and the verification fails, then the XML signature will not be 
++           verified. This would happen, for example, if the root certificate is not installed.                
++         */
++/*      if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { */
++        if (selected == 1)
++            return cert;
+     }
+ 
+     return (NULL);
+--- misc/xmlsec1-1.2.12/src/nss/x509vfy.c	2009-09-23 10:06:52.989793254 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/x509vfy.c	2009-09-23 10:05:03.183042205 +0200
+@@ -191,13 +191,27 @@
+ 	    continue;
+ 	}
+ 
+-	status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), 
+-					cert, PR_FALSE, 
+-					(SECCertificateUsage)0,
+-                			timeboundary , NULL, NULL, NULL);
+-	if (status == SECSuccess) {
+-	    break;
+-	}
++
++	/*
++      JL: OpenOffice.org implements its own certificate verification routine. 
++      The goal is to seperate validation of the signature
++      and the certificate. For example, OOo could show that the document signature is valid,
++      but the certificate could not be verified. If we do not prevent the verification of
++      the certificate by libxmlsec and the verification fails, then the XML signature may not be 
++      verified. This would happen, for example, if the root certificate is not installed.
++      
++      status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), 
++          cert, PR_FALSE, 
++          (SECCertificateUsage)0,
++          timeboundary , NULL, NULL, NULL);
++      if (status == SECSuccess) {
++         break;
++      }
++	 
++    */
++	status = SECSuccess;
++	break;
++
+     }
+ 
+     if (status == SECSuccess) {