From ac9ca8b4e7904365dd0e37b0599f2f66b289ed46 Mon Sep 17 00:00:00 2001
From: Rob Austein
Date: Thu, 1 May 2008 07:07:28 +0000
Subject: Simplify BSC and start adding BPKI CRL support; the latter doesn't work yet due to an apparent bug in OpenSSL (CMS_add0_crl() dumps core). If through some bizzare twist of fate we revive the idea of allowing CA certs in CMS messages, this is the change that will need to be (partly) backed out. svn path=/docs/left-right-xml; revision=1730
---
 pow/POW-0.7/POW.c | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)
(limited to 'pow/POW-0.7')
diff --git a/pow/POW-0.7/POW.c b/pow/POW-0.7/POW.c
index ca6af89e..5a92acdb 100644
--- a/pow/POW-0.7/POW.c
+++ b/pow/POW-0.7/POW.c
@@ -6857,7 +6857,6 @@ CMS_object_sign(cms_object *self, PyObject *args)
 BIO *bio = NULL;
 CMS_ContentInfo *cms = NULL;
 ASN1_OBJECT *econtent_type = NULL;
- X509_CRL *crl = NULL;
 if (!PyArg_ParseTuple(args, "O!O!s#|OOsI", &x509type, &signcert,
@@ -6926,27 +6925,20 @@ CMS_object_sign(cms_object *self, PyObject *args)
 assert_no_unhandled_openssl_errors();
 if (crl_sequence != Py_None) {
-
 if (!PyTuple_Check(crl_sequence) && !PyList_Check(crl_sequence))
 lose_type_error("inapropriate type");
-
 n = PySequence_Size( crl_sequence );
-
 for (i = 0; i < n; i++) {
 if ( !(crlobj = (x509_crl_object *) PySequence_GetItem(crl_sequence, i)))
 goto error;
 if (!X_X509_crl_Check(crlobj))
 lose_type_error("inappropriate type");
-
- if ( !(crl = X509_CRL_dup(crlobj->crl)))
- lose_type_error("couldn't clone CRL");
-
+ if (!crlobj->crl)
+ lose("CRL object with null crl field!");
 assert_no_unhandled_openssl_errors();
-
- if (!CMS_add0_crl(self->cms, crl))
+ if (!CMS_add0_crl(self->cms, crlobj->crl))
 lose_openssl_error("could not add CRL to CMS");
-
+ CRYPTO_add(&crlobj->crl->references, 1, CRYPTO_LOCK_X509_CRL);
 Py_DECREF(crlobj);
 crlobj = NULL;
 }
-- cgit v1.2.3
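Review bot: In the second hunk the CRLs are added to `self->cms`, while the first hunk's context shows a local `CMS_ContentInfo *cms = NULL;` that looks like the message this function is building. If `self->cms` is unset or about to be replaced at this point, that could by itself explain the crash the commit message attributes to OpenSSL. It is worth confirming which object is meant and, if it is the local one, calling `CMS_add0_crl(cms, crlobj->crl)`. The ownership handling is also fragile: `CMS_add0_crl()` takes over the caller's reference, yet `crlobj->crl->references` is bumped only after the call, so the Python wrapper and the CMS structure briefly share a single reference. Taking the reference before the call and dropping it with `X509_CRL_free(crlobj->crl)` on failure keeps the count right on every path. The body of `CMS_object_sign` starts and ends outside both hunks, so whether the error path (presumably reached by the `lose(...)` macros) releases `crlobj` cannot be checked here.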