Make PKCS7_NOCERTS match documentation.
As documented PKCS7_NOCERTS should only exclude the signer's certificate and not any supplied in the "certs" parameter. This makes it possible to exclude the signer's certificate but include other certificates. Applications that don't want to include other certificates should set "certs" to NULL anyway. (cherry picked from commit 5c6f808b66f1a2e0fb2a508b24b845a88803fe3a)
This commit is contained in:
parent
db305124f3
commit
812b7246d4
1 changed files with 3 additions and 6 deletions
|
@ -89,13 +89,10 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
|
|||
goto err;
|
||||
}
|
||||
|
||||
if(!(flags & PKCS7_NOCERTS))
|
||||
for(i = 0; i < sk_X509_num(certs); i++)
|
||||
{
|
||||
for(i = 0; i < sk_X509_num(certs); i++)
|
||||
{
|
||||
if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
|
||||
goto err;
|
||||
}
|
||||
if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
|
||||
goto err;
|
||||
}
|
||||
|
||||
if(flags & PKCS7_DETACHED)
|
||||
|
|
Loading…
Reference in a new issue