CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3951

A more complete implementation of the X509_V_FLAG_NO_CHECK_TIME flag was
added to OpenSSL 1.1 as commit d35ff2c0a. Drop our own version and use a
backport of what was committed upstream.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Tested-by: Qin Long <qin.long@intel.com>
Qin Long 2016-03-05 23:41:31 +08:00
parent f0e3cd1927
commit e94546e77b
1 changed files with 28 additions and 0 deletions

@ -11,6 +11,19 @@ index 4a715dc..eb61eda 100755
{
$disabled{"gost"} = "forced";
}
diff --git a/apps/apps.c b/apps/apps.c
index 2e77805..e21e759 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2374,6 +2374,8 @@ int args_verify(char ***pargs, int *pargc,
flags |= X509_V_FLAG_PARTIAL_CHAIN;
else if (!strcmp(arg, "-no_alt_chains"))
flags |= X509_V_FLAG_NO_ALT_CHAINS;
+ else if (!strcmp(arg, "-no_check_time"))
+ flags |= X509_V_FLAG_NO_CHECK_TIME;
else
return 0;
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index 35fd44c..9f39bff 100644
--- a/crypto/asn1/a_strex.c
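Review bot: In the apps/apps.c part of this hunk, the new `-no_check_time` branch in args_verify() makes the validity-period check switchable from the command line, but the lines shown add no usage or manual text for the option. Please confirm that the backport also carries documentation for the commands that call args_verify(), or say in the patch description that only the flag handling is carried. A user who finds `-no_check_time` should be able to read that it sets X509_V_FLAG_NO_CHECK_TIME and therefore lets expired and not-yet-valid certificates through the time check.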
@ -1608,6 +1621,21 @@ index f4a8358..94d3293 100644
/* Error codes for the ZENCOD functions. */
diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
index 44792f9..7f95d58 100644
--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -203,6 +203,10 @@ chain found is not trusted, then OpenSSL will continue to check to see if an
alternative chain can be found that is trusted. With this flag set the behaviour
will match that of OpenSSL versions prior to 1.0.2b.
+The B<X509_V_FLAG_NO_CHECK_TIME> flag suppresses checking the validity period
+of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time()
+is used to specify a verification time, the check is not suppressed.
+
=head1 NOTES
The above functions should be used to manipulate verification parameters
diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod
index dc0e939..fe123bb 100644
--- a/doc/crypto/threads.pod
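Review bot: The paragraph added to doc/crypto/X509_VERIFY_PARAM_set_flags.pod says what B<X509_V_FLAG_NO_CHECK_TIME> suppresses but not the consequence for the caller: with the flag set and no verification time supplied, expired and not-yet-valid certificates and CRLs pass the validity-period check. Suggest adding one sentence that states this and says when setting the flag is appropriate. The closing sentence, "If X509_VERIFY_PARAM_set_time() is used to specify a verification time, the check is not suppressed", would also be clearer if it stated the precedence outright (an explicit verification time overrides the flag), since a caller who sets both could otherwise assume time checks are off.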