authorRüdiger Timm <rt@openoffice.org>2005-11-11 08:04:53 +0000
committerRüdiger Timm <rt@openoffice.org>2005-11-11 08:04:53 +0000
commitb6fc114d9d9dd10688f6696411de7e3ffe6f3239 (patch)
treee395757aa387217078745162d0c26ed4759b6eb0 /libxmlsec
parentc3be06d8e215e45e6532655193a3dc262f181dba (diff)
INTEGRATION: CWS xmlsec13 (1.7.8); FILE MERGED
2005/10/25 14:25:03 jl 1.7.8.2: #54495# commented out the verification of certificates 2005/10/24 15:29:01 jl 1.7.8.1: #i54495# removed verification of certificates during signing and signature verification on Windows
Diffstat (limited to 'libxmlsec')
-rw-r--r--libxmlsec/xmlsec1-1.2.6.patch179
1 files changed, 103 insertions, 76 deletions
diff --git a/libxmlsec/xmlsec1-1.2.6.patch b/libxmlsec/xmlsec1-1.2.6.patch
index f1f56b01dd7f..73c7dd1d6486 100644
--- a/libxmlsec/xmlsec1-1.2.6.patch
+++ b/libxmlsec/xmlsec1-1.2.6.patch
@@ -1,5 +1,5 @@
*** misc/xmlsec1-1.2.6/apps/Makefile.in 2004-08-26 08:00:30.000000000 +0200
---- misc/build/xmlsec1-1.2.6/apps/Makefile.in 2005-05-09 19:54:13.132635976 +0200
+--- misc/build/xmlsec1-1.2.6/apps/Makefile.in 2005-10-25 16:17:20.634475000 +0200
***************
*** 370,376 ****
$(CRYPTO_DEPS) \
@@ -18,7 +18,7 @@
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
*** misc/xmlsec1-1.2.6/configure 2004-08-26 08:00:34.000000000 +0200
---- misc/build/xmlsec1-1.2.6/configure 2005-05-09 19:54:13.176632266 +0200
+--- misc/build/xmlsec1-1.2.6/configure 2005-10-25 16:17:20.772126000 +0200
***************
*** 24598,24604 ****
fi
@@ -107,7 +107,7 @@
NSS_LIBS="$NSS_LIBS_LIST"
else
*** misc/xmlsec1-1.2.6/configure.in 2004-08-26 04:49:24.000000000 +0200
---- misc/build/xmlsec1-1.2.6/configure.in 2005-05-09 19:54:13.179632013 +0200
+--- misc/build/xmlsec1-1.2.6/configure.in 2005-10-25 16:17:20.814870000 +0200
***************
*** 143,149 ****
dnl find libxml
@@ -195,8 +195,8 @@
dnl do not add -L/usr/lib because compiler does it anyway
if test "z$dir" = "z/usr/lib" ; then
NSS_LIBS="$NSS_LIBS_LIST"
-*** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2005-05-09 19:55:57.192859540 +0200
---- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2005-05-09 19:54:13.180631929 +0200
+*** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2005-10-25 16:18:25.340902000 +0200
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2005-10-25 16:17:20.841803000 +0200
***************
*** 1 ****
! dummy
@@ -273,7 +273,7 @@
!
!
*** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2003-09-26 08:12:46.000000000 +0200
---- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2005-05-09 19:54:13.180631929 +0200
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2005-10-25 16:17:20.858299000 +0200
***************
*** 77,82 ****
--- 77,97 ----
@@ -298,8 +298,8 @@
#endif /* XMLSEC_NO_X509 */
-*** misc/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2005-05-09 19:55:57.148863251 +0200
---- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2005-05-09 19:54:13.181631844 +0200
+*** misc/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2005-10-25 16:18:25.229244000 +0200
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2005-10-25 16:17:20.875018000 +0200
***************
*** 1 ****
! dummy
@@ -360,7 +360,7 @@
!
!
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2004-01-12 22:06:14.000000000 +0100
---- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2005-05-09 19:54:13.181631844 +0200
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2005-10-25 16:17:20.889868000 +0200
***************
*** 22,27 ****
--- 22,30 ----
@@ -384,8 +384,8 @@
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
const char* uri);
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
-*** misc/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2005-05-09 19:55:57.165861817 +0200
---- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2005-05-09 19:54:13.182631760 +0200
+*** misc/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2005-10-25 16:18:25.265581000 +0200
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2005-10-25 16:17:20.905418000 +0200
***************
*** 1 ****
! dummy
@@ -426,7 +426,7 @@
!
!
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2004-01-12 22:06:14.000000000 +0100
---- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2005-05-09 19:54:13.183631676 +0200
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2005-10-25 16:17:20.923715000 +0200
***************
*** 264,269 ****
--- 264,278 ----
@@ -446,7 +446,7 @@
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2003-07-30 04:46:35.000000000 +0200
---- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2005-05-09 19:54:13.183631676 +0200
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2005-10-25 16:17:20.942697000 +0200
***************
*** 16,21 ****
--- 16,23 ----
@@ -470,7 +470,7 @@
const char *uri,
xmlSecKeysMngrPtr keysMngr);
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2003-07-30 04:46:35.000000000 +0200
---- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2005-05-09 19:54:13.184631591 +0200
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2005-10-25 16:17:20.957132000 +0200
***************
*** 3,8 ****
--- 3,9 ----
@@ -493,7 +493,7 @@
install-exec-hook:
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2004-08-26 08:00:31.000000000 +0200
---- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2005-05-09 19:54:13.184631591 +0200
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2005-10-25 16:17:20.973183000 +0200
***************
*** 273,278 ****
--- 273,279 ----
@@ -515,8 +515,8 @@
$(NULL)
all: all-am
-*** misc/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2005-05-09 19:55:57.178860721 +0200
---- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2005-05-09 19:54:13.185631507 +0200
+*** misc/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2005-10-25 16:18:25.300302000 +0200
+--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2005-10-25 16:17:20.993128000 +0200
***************
*** 1 ****
! dummy
@@ -703,8 +703,8 @@
!
! #endif /* __XMLSEC_NSS_TOKENS_H__ */
!
-*** misc/xmlsec1-1.2.6/libxml2-config 2005-05-09 19:55:57.284851780 +0200
---- misc/build/xmlsec1-1.2.6/libxml2-config 2005-05-09 19:54:13.186631423 +0200
+*** misc/xmlsec1-1.2.6/libxml2-config 2005-10-25 16:18:25.601600000 +0200
+--- misc/build/xmlsec1-1.2.6/libxml2-config 2005-10-25 16:17:21.011964000 +0200
***************
*** 1 ****
! dummy
@@ -714,7 +714,7 @@
! if test "$SYSTEM_LIBXML" = "YES"
! then xml2-config "$@"; exit 0
! fi
-!
+!
! prefix=${SOLARVERSION}/${INPATH}
! includedir=${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external
! libdir=${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}
@@ -758,7 +758,7 @@
!
! exit 0
*** misc/xmlsec1-1.2.6/ltmain.sh 2004-08-26 08:00:15.000000000 +0200
---- misc/build/xmlsec1-1.2.6/ltmain.sh 2005-05-09 19:55:51.745319024 +0200
+--- misc/build/xmlsec1-1.2.6/ltmain.sh 2005-10-25 16:17:21.048414000 +0200
***************
*** 2994,3006 ****
;;
@@ -807,7 +807,7 @@
elif test -n "$runpath_var"; then
case "$perm_rpath " in
*** misc/xmlsec1-1.2.6/src/bn.c 2004-06-21 20:33:27.000000000 +0200
---- misc/build/xmlsec1-1.2.6/src/bn.c 2005-05-09 19:54:13.188631254 +0200
+--- misc/build/xmlsec1-1.2.6/src/bn.c 2005-10-25 16:17:21.104130000 +0200
***************
*** 170,177 ****
*/
@@ -1374,7 +1374,7 @@
return(0);
*** misc/xmlsec1-1.2.6/src/dl.c 2003-10-29 16:57:20.000000000 +0100
---- misc/build/xmlsec1-1.2.6/src/dl.c 2005-05-09 19:54:13.189631170 +0200
+--- misc/build/xmlsec1-1.2.6/src/dl.c 2005-10-25 16:17:21.132133000 +0200
***************
*** 329,334 ****
--- 329,338 ----
@@ -1400,8 +1400,8 @@
}
--- 354,359 ----
-*** misc/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2005-05-09 19:55:57.223856925 +0200
---- misc/build/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2005-05-09 19:54:13.190631085 +0200
+*** misc/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2005-10-25 16:18:25.432191000 +0200
+--- misc/build/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2005-10-25 16:17:21.153999000 +0200
***************
*** 1 ****
! dummy
@@ -1642,7 +1642,7 @@
! }
!
*** misc/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2004-03-17 06:06:43.000000000 +0100
---- misc/build/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2005-05-09 19:54:13.192630917 +0200
+--- misc/build/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2005-10-25 16:17:21.185564000 +0200
***************
*** 41,46 ****
--- 41,47 ----
@@ -2320,7 +2320,7 @@
static xmlSecKeyDataType
*** misc/xmlsec1-1.2.6/src/mscrypto/crypto.c 2003-11-12 03:38:51.000000000 +0100
---- misc/build/xmlsec1-1.2.6/src/mscrypto/crypto.c 2005-05-09 19:54:13.193630832 +0200
+--- misc/build/xmlsec1-1.2.6/src/mscrypto/crypto.c 2005-10-25 16:17:21.223719000 +0200
***************
*** 330,342 ****
BYTE*
@@ -2353,7 +2353,7 @@
}
*** misc/xmlsec1-1.2.6/src/mscrypto/x509.c 2003-09-26 02:58:13.000000000 +0200
---- misc/build/xmlsec1-1.2.6/src/mscrypto/x509.c 2005-05-09 19:54:13.195630664 +0200
+--- misc/build/xmlsec1-1.2.6/src/mscrypto/x509.c 2005-10-25 16:17:21.247567000 +0200
***************
*** 1572,1577 ****
--- 1572,1578 ----
@@ -2522,7 +2522,7 @@
return(res);
}
*** misc/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2003-09-27 05:12:22.000000000 +0200
---- misc/build/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2005-05-09 19:54:13.197630495 +0200
+--- misc/build/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2005-10-25 16:17:21.279608000 +0200
***************
*** 125,130 ****
--- 125,131 ----
@@ -2781,7 +2781,7 @@
}
return (NULL);
---- 417,463 ----
+--- 417,477 ----
xmlSecAssert2(certs != NULL, NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
@@ -2823,15 +2823,29 @@
! continue ;
! }
!
-! if( xmlSecMSCryptoX509StoreConstructCertsChain( store, cert, certs, keyInfoCtx ) ) {
-! return( cert ) ;
-! }
+! //JL: OpenOffice.org implements its own certificate verification routine.
+! //The goal is to seperate validation of the signature
+! //and the certificate. For example, OOo could show that the document signature is valid,
+! //but the certificate could not be verified. If we do not prevent the verification of
+! //the certificate by libxmlsec and the verification fails, then the XML signature will not be
+! //verified. This would happen, for example, if the root certificate is not installed.
+! //
+! //In the store schould only be the certificate from the X509Certificate element
+! //and the X509IssuerSerial element. The latter is only there
+! //if the certificate is installed. Both certificates must be the same!
+! //In case of writing the signature, the store contains only the certificate that
+! //was created based on the information from the X509IssuerSerial element.
+! return cert;
+!
+! // if( xmlSecMSCryptoX509StoreConstructCertsChain( store, cert, certs, keyInfoCtx ) ) {
+! // return( cert ) ;
+! // }
}
return (NULL);
***************
*** 458,466 ****
---- 517,642 ----
+--- 531,656 ----
return(0);
}
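Review bot: The added `return cert;` in the mscrypto x509vfy.c loop hands back the first candidate without calling `xmlSecMSCryptoX509StoreConstructCertsChain`, so a non-NULL result from this store no longer implies any chain or trust check; the NSS hunk further down makes the same bypass with `status = SECSuccess; break;` in `xmlSecNssX509StoreVerify`. The new comment relies on the store holding only the X509Certificate and X509IssuerSerial certificates and on both being the same, but nothing in the visible lines enforces that, so I would either compare them here or name the caller that does. Because the key taken from this certificate is then used to validate the signature, the comment should also state the contract for callers, for example `// NOTE: no trust decision is made here; the caller MUST validate the returned certificate before treating the signer as trusted.` The enclosing function starts and ends outside this hunk.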
@@ -2996,7 +3010,7 @@
return(0);
}
---- 644,747 ----
+--- 658,761 ----
memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx));
@@ -3103,7 +3117,7 @@
***************
*** 567,576 ****
---- 811,851 ----
+--- 825,865 ----
if((pCert == NULL) && (NULL != issuerName) && (NULL != issuerSerial)) {
xmlSecBn issuerSerialBn;
@@ -3147,7 +3161,7 @@
xmlSecError(XMLSEC_ERRORS_HERE,
***************
*** 578,583 ****
---- 853,859 ----
+--- 867,873 ----
"xmlSecBnInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
@@ -3183,7 +3197,7 @@
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
0,
CERT_FIND_ISSUER_NAME,
---- 865,894 ----
+--- 879,908 ----
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecBnFinalize(&issuerSerialBn);
@@ -3226,7 +3240,7 @@
}
}
xmlFree(cName);
---- 902,910 ----
+--- 916,924 ----
if((pCert->pCertInfo != NULL) &&
(pCert->pCertInfo->SerialNumber.pbData != NULL) &&
(pCert->pCertInfo->SerialNumber.cbData > 0) &&
@@ -3236,8 +3250,8 @@
}
}
xmlFree(cName);
-*** misc/xmlsec1-1.2.6/src/nss/akmngr.c 2005-05-09 19:55:57.206858359 +0200
---- misc/build/xmlsec1-1.2.6/src/nss/akmngr.c 2005-05-09 19:54:13.199630327 +0200
+*** misc/xmlsec1-1.2.6/src/nss/akmngr.c 2005-10-25 16:18:25.389481000 +0200
+--- misc/build/xmlsec1-1.2.6/src/nss/akmngr.c 2005-10-25 16:17:21.304210000 +0200
***************
*** 1 ****
! dummy
@@ -3624,7 +3638,7 @@
! }
!
*** misc/xmlsec1-1.2.6/src/nss/ciphers.c 2003-09-26 02:58:15.000000000 +0200
---- misc/build/xmlsec1-1.2.6/src/nss/ciphers.c 2005-05-09 19:54:13.204629905 +0200
+--- misc/build/xmlsec1-1.2.6/src/nss/ciphers.c 2005-10-25 16:17:21.328096000 +0200
***************
*** 1,838 ****
! /**
@@ -5418,7 +5432,7 @@
!
*** misc/xmlsec1-1.2.6/src/nss/crypto.c 2003-10-29 16:57:25.000000000 +0100
---- misc/build/xmlsec1-1.2.6/src/nss/crypto.c 2005-05-09 19:54:13.204629905 +0200
+--- misc/build/xmlsec1-1.2.6/src/nss/crypto.c 2005-10-25 16:17:21.351900000 +0200
***************
*** 130,135 ****
--- 130,136 ----
@@ -5472,7 +5486,7 @@
return(gXmlSecNssFunctions);
}
*** misc/xmlsec1-1.2.6/src/nss/digests.c 2003-09-26 02:58:15.000000000 +0200
---- misc/build/xmlsec1-1.2.6/src/nss/digests.c 2005-05-09 19:54:13.205629821 +0200
+--- misc/build/xmlsec1-1.2.6/src/nss/digests.c 2005-10-25 16:17:21.370700000 +0200
***************
*** 21,27 ****
#include <xmlsec/transforms.h>
@@ -5569,7 +5583,7 @@
}
xmlSecAssert2(ctx->dgstSize > 0, -1);
*** misc/xmlsec1-1.2.6/src/nss/hmac.c 2003-09-26 02:58:15.000000000 +0200
---- misc/build/xmlsec1-1.2.6/src/nss/hmac.c 2005-05-09 19:54:13.206629736 +0200
+--- misc/build/xmlsec1-1.2.6/src/nss/hmac.c 2005-10-25 16:17:21.390043000 +0200
***************
*** 23,30 ****
#include <xmlsec/transforms.h>
@@ -5704,7 +5718,7 @@
}
xmlSecAssert2(dgstSize > 0, -1);
*** misc/xmlsec1-1.2.6/src/nss/keysstore.c 2003-09-26 02:58:15.000000000 +0200
---- misc/build/xmlsec1-1.2.6/src/nss/keysstore.c 2005-05-09 19:54:13.209629483 +0200
+--- misc/build/xmlsec1-1.2.6/src/nss/keysstore.c 2005-10-25 16:17:21.413968000 +0200
***************
*** 1,119 ****
/**
@@ -6771,8 +6785,8 @@
! return(0);
}
+
-*** misc/xmlsec1-1.2.6/src/nss/keytrans.c 2005-05-09 19:55:57.237855744 +0200
---- misc/build/xmlsec1-1.2.6/src/nss/keytrans.c 2005-05-09 19:54:13.211629315 +0200
+*** misc/xmlsec1-1.2.6/src/nss/keytrans.c 2005-10-25 16:18:25.468032000 +0200
+--- misc/build/xmlsec1-1.2.6/src/nss/keytrans.c 2005-10-25 16:17:21.438771000 +0200
***************
*** 1 ****
! dummy
@@ -7521,8 +7535,8 @@
!
! #endif /* XMLSEC_NO_RSA */
!
-*** misc/xmlsec1-1.2.6/src/nss/keywrapers.c 2005-05-09 19:55:57.250854648 +0200
---- misc/build/xmlsec1-1.2.6/src/nss/keywrapers.c 2005-05-09 19:54:13.215628977 +0200
+*** misc/xmlsec1-1.2.6/src/nss/keywrapers.c 2005-10-25 16:18:25.504246000 +0200
+--- misc/build/xmlsec1-1.2.6/src/nss/keywrapers.c 2005-10-25 16:17:21.466009000 +0200
***************
*** 1 ****
! dummy
@@ -8725,7 +8739,7 @@
! #endif /* XMLSEC_NO_DES */
!
*** misc/xmlsec1-1.2.6/src/nss/Makefile.am 2003-09-16 11:43:03.000000000 +0200
---- misc/build/xmlsec1-1.2.6/src/nss/Makefile.am 2005-05-09 19:54:13.215628977 +0200
+--- misc/build/xmlsec1-1.2.6/src/nss/Makefile.am 2005-10-25 16:17:21.489704000 +0200
***************
*** 20,40 ****
$(NULL)
@@ -8773,7 +8787,7 @@
libxmlsec1_nss_la_LIBADD = \
*** misc/xmlsec1-1.2.6/src/nss/Makefile.in 2004-08-26 08:00:32.000000000 +0200
---- misc/build/xmlsec1-1.2.6/src/nss/Makefile.in 2005-05-09 19:54:51.856370203 +0200
+--- misc/build/xmlsec1-1.2.6/src/nss/Makefile.in 2005-10-25 16:17:21.509251000 +0200
***************
*** 54,62 ****
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
@@ -8898,7 +8912,7 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@
*** misc/xmlsec1-1.2.6/src/nss/pkikeys.c 2004-03-17 06:06:45.000000000 +0100
---- misc/build/xmlsec1-1.2.6/src/nss/pkikeys.c 2005-05-09 19:54:13.227627965 +0200
+--- misc/build/xmlsec1-1.2.6/src/nss/pkikeys.c 2005-10-25 16:17:21.544776000 +0200
***************
*** 5,10 ****
--- 5,11 ----
@@ -9698,7 +9712,7 @@
return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
}
*** misc/xmlsec1-1.2.6/src/nss/signatures.c 2003-09-26 02:58:15.000000000 +0200
---- misc/build/xmlsec1-1.2.6/src/nss/signatures.c 2005-05-09 19:54:13.228627881 +0200
+--- misc/build/xmlsec1-1.2.6/src/nss/signatures.c 2005-10-25 16:17:21.571881000 +0200
***************
*** 199,205 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
@@ -9836,7 +9850,7 @@
}
*** misc/xmlsec1-1.2.6/src/nss/symkeys.c 2003-07-21 05:12:52.000000000 +0200
---- misc/build/xmlsec1-1.2.6/src/nss/symkeys.c 2005-05-09 19:54:13.232627544 +0200
+--- misc/build/xmlsec1-1.2.6/src/nss/symkeys.c 2005-10-25 16:17:21.596579000 +0200
***************
*** 15,192 ****
#include <stdio.h>
@@ -11167,8 +11181,8 @@
*
* Sets the value of HMAC key data.
*
-*** misc/xmlsec1-1.2.6/src/nss/tokens.c 2005-05-09 19:55:57.269853046 +0200
---- misc/build/xmlsec1-1.2.6/src/nss/tokens.c 2005-05-09 19:54:13.234627375 +0200
+*** misc/xmlsec1-1.2.6/src/nss/tokens.c 2005-10-25 16:18:25.541431000 +0200
+--- misc/build/xmlsec1-1.2.6/src/nss/tokens.c 2005-10-25 16:17:21.620811000 +0200
***************
*** 1 ****
! dummy
@@ -11718,7 +11732,7 @@
! }
!
*** misc/xmlsec1-1.2.6/src/nss/x509.c 2003-09-26 05:53:09.000000000 +0200
---- misc/build/xmlsec1-1.2.6/src/nss/x509.c 2005-05-09 19:54:13.237627122 +0200
+--- misc/build/xmlsec1-1.2.6/src/nss/x509.c 2005-10-25 16:17:21.646598000 +0200
***************
*** 34,40 ****
#include <xmlsec/keys.h>
@@ -12827,7 +12841,7 @@
SECItem *sn;
--- 1701,1706 ----
*** misc/xmlsec1-1.2.6/src/nss/x509vfy.c 2003-09-26 02:58:15.000000000 +0200
---- misc/build/xmlsec1-1.2.6/src/nss/x509vfy.c 2005-05-09 19:54:13.239626954 +0200
+--- misc/build/xmlsec1-1.2.6/src/nss/x509vfy.c 2005-10-25 16:17:42.779455000 +0200
***************
*** 30,35 ****
--- 30,36 ----
@@ -13047,12 +13061,12 @@
if (!CERT_LIST_END(head1, certs)) {
! continue;
}
-
- status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
- cert, PR_FALSE,
- (SECCertificateUsage)0,
+!
+! status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
+! cert, PR_FALSE,
+! (SECCertificateUsage)0,
! timeboundary , NULL, NULL, NULL);
- if (status == SECSuccess) {
+! if (status == SECSuccess) {
! break;
}
- }
@@ -13109,7 +13123,7 @@
*
* Adds trusted (root) or untrusted certificate to the store.
*
---- 140,256 ----
+--- 140,269 ----
*/
CERTCertificate *
xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs,
@@ -13164,14 +13178,27 @@
if (!CERT_LIST_END(head1, certs)) {
! continue;
}
-
- status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
- cert, PR_FALSE,
- (SECCertificateUsage)0,
-! timeboundary , NULL, NULL, NULL);
- if (status == SECSuccess) {
-! break;
-! }
+! //JL: OpenOffice.org implements its own certificate verification routine.
+! //The goal is to seperate validation of the signature
+! //and the certificate. For example, OOo could show that the document signature is valid,
+! //but the certificate could not be verified. If we do not prevent the verification of
+! //the certificate by libxmlsec and the verification fails, then the XML signature may not be
+! //verified. This would happen, for example, if the root certificate is not installed.
+! //
+! //In the store schould only be the certificate from the X509Certificate element
+! //and the X509IssuerSerial element. The latter is only there
+! //if the certificate is installed. Both certificates must be the same!
+! //In case of writing the signature, the store contains only the certificate that
+! //was created based on the information from the X509IssuerSerial element.
+! status = SECSuccess;
+! break;
+! // status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
+! // cert, PR_FALSE,
+! // (SECCertificateUsage)0,
+! // timeboundary , NULL, NULL, NULL);
+! // if (status == SECSuccess) {
+! // break;
+! // }
}
! if (status == SECSuccess) {
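Review bot: Commenting out `CERT_VerifyCertificate` makes the bypass unconditional for every user of the NSS backend, although the commit message only mentions Windows; a run-time switch would keep the library's default behaviour safe. Upstream xmlsec defines a key-info flag for this purpose, `XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS`, so the call could stay and be skipped only when the caller sets that flag; whether the bundled 1.2.6 sources honour it in this function is not visible here. If the hard bypass stays, wrap the old call in `#if 0 ... #endif` with a reference to the issue instead of `//` lines, and check whether `timeboundary` is still used, since its only use in this hunk is inside the disabled call. `xmlSecNssX509StoreVerify` continues outside the hunk.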
@@ -13296,7 +13323,7 @@
}
---- 258,324 ----
+--- 271,337 ----
*/
int
xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
@@ -13742,7 +13769,7 @@
- #endif /* XMLSEC_NO_X509 */
---- 333,545 ----
+--- 346,558 ----
*/
static CERTCertificate*
xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
@@ -13957,7 +13984,7 @@
+ #endif /* XMLSEC_NO_X509 */
*** misc/xmlsec1-1.2.6/win32/Makefile.msvc 2004-06-09 16:35:12.000000000 +0200
---- misc/build/xmlsec1-1.2.6/win32/Makefile.msvc 2005-05-09 19:54:13.240626869 +0200
+--- misc/build/xmlsec1-1.2.6/win32/Makefile.msvc 2005-10-25 16:17:21.695816000 +0200
***************
*** 223,228 ****
--- 223,232 ----