author | Rob Austein <sra@hactrn.net> | 2008-03-14 22:06:30 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2008-03-14 22:06:30 +0000 |
commit | 25f556debe5b73d69b8f02507129fc59dd1621d6 (patch) | |
tree | f4ce18a44bcb50caa196cc79cfddf9f77b623702 | |
parent | 9c59fe2457635cecb44665e5d6dc0dc24e3aa721 (diff) |
Allow CMS signature without the signing cert.
svn path=/pow/POW-0.7/POW.c; revision=1555
-rw-r--r-- | pow/POW-0.7/POW.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/pow/POW-0.7/POW.c b/pow/POW-0.7/POW.c index c8e49be8..d8c34133 100644 --- a/pow/POW-0.7/POW.c +++ b/pow/POW-0.7/POW.c @@ -6328,18 +6328,25 @@ PKCS7_object_sign(pkcs7_object *self, PyObject *args) STACK_OF(X509) *x509_stack = NULL; EVP_PKEY *pkey = NULL; char *buf = NULL; - int len, size = 0, i; + int len, size = 0, i, flags = PKCS7_BINARY | PKCS7_NOATTR; BIO *bio = NULL; PKCS7 *p7 = NULL; + X509 *x509 = NULL; - - if (!PyArg_ParseTuple(args, "O!O!Os#", &x509type, &signcert, &asymmetrictype, &signkey, &x509_sequence, &buf, &len)) + if (!PyArg_ParseTuple(args, "OO!Os#", + &signcert, + &asymmetrictype, &signkey, + &x509_sequence, + &buf, &len)) goto error; + if ( !X_X509_Check( signcert ) && !PyNone_Check( signcert )) + { PyErr_SetString( PyExc_TypeError, "inapropriate type" ); goto error; } + if (signkey->key_type != RSA_PRIVATE_KEY) { PyErr_SetString( SSLErrorObject, "unsupported key type" ); goto error; } - if ( !( PyTuple_Check( x509_sequence ) || PyList_Check(x509_sequence) ) ) + if ( !PyTuple_Check( x509_sequence ) && !PyList_Check( x509_sequence ) ) { PyErr_SetString( PyExc_TypeError, "inapropriate type" ); goto error; } size = PySequence_Size( x509_sequence ); @@ -6370,7 +6377,12 @@ PKCS7_object_sign(pkcs7_object *self, PyObject *args) if ( !(bio = BIO_new_mem_buf(buf, len))) goto error; - if ( !(p7 = PKCS7_sign(signcert->x509, pkey, x509_stack, bio, PKCS7_BINARY))) + if ( PyNone_Check( signcert ) ) + flags |= PKCS7_NOCERTS; + else + x509 = signcert->x509; + + if ( !(p7 = PKCS7_sign(x509, pkey, x509_stack, bio, flags))) { set_openssl_pyerror( "could not sign PKCS7 message" ); goto error; } if (self->pkcs7) |
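Review bot: The new initializer `flags = PKCS7_BINARY | PKCS7_NOATTR` in the declarations turns on PKCS7_NOATTR for every call, including callers that still pass a signing certificate, while the commit message only mentions making the certificate optional. With PKCS7_NOATTR OpenSSL omits the signed attributes, so content type and signing time are no longer covered by the signature, and verifiers that expect those attributes will see a different SignerInfo. If that is not intended for the existing path, keep the default as `flags = PKCS7_BINARY` and add further flags only where they are needed; if it is intended, a comment such as `/* no signed attributes: <reason> */` at the declaration would record why. PKCS7_object_sign starts and ends outside this hunk.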
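Review bot: On the `PyNone_Check( signcert )` branch `x509` stays NULL and is passed to `PKCS7_sign(x509, pkey, x509_stack, bio, flags)` together with a non-NULL key. OpenSSL's documentation for PKCS7_NOCERTS says the signer's certificate must still be supplied in the signcert parameter, because the SignerInfo's issuer and serial number are taken from it; the flag only keeps the certificate out of the output. Whether the linked OpenSSL rejects a NULL signcert cleanly or dereferences it cannot be seen from this hunk, so it is worth confirming and recording in a comment, e.g. `/* requires an OpenSSL build that accepts signcert == NULL */`. A safer interface would keep the certificate mandatory and let the caller request PKCS7_NOCERTS separately. The function body continues outside the hunk.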