(fix) improve handling of signer certificate (fixes #4742)

2019-05-08 08:09:14 -04:00 · 2019-05-08 08:09:14 -04:00 · 0e038a62fd
parent b2974d7753
commit 0e038a62fd
5 changed files with 6 additions and 38 deletions
--- a/1
+++ b/1
@ -21,6 +21,7 @@ Bug fixes
 - [core] avoid exception on recent GNUstep when attached file has no filename (#4702)
 - [core] avoid generating broken DTSTART for the freebusy.ifb file (#4289)
 - [core] consider DAVx5 like Apple Calendar (#4304)
+ - [core] improve handling of signer certificate (#4742)

 4.0.7 (2019-02-27)
 ------------------
--- a/SoObjects/Mailer/NSData+SMIME.m
+++ b/SoObjects/Mailer/NSData+SMIME.m
@ -381,12 +381,11 @@
 //
 //
 //
- (NSData *) convertPKCS7ToPEM
+- (NSData *) signersFromPKCS7
 {
  NSData *output;

  STACK_OF(X509) *certs = NULL;
-  STACK_OF(X509_CRL) *crls = NULL;
  BIO *ibio, *obio;
  BUF_MEM *bptr;
  PKCS7 *p7;
@ -412,27 +411,7 @@
  // We output everything in PEM
  obio = BIO_new(BIO_s_mem());

-  i = OBJ_obj2nid(p7->type);
-  switch (i)
-    {
-    case NID_pkcs7_signed:
-      if (p7->d.sign != NULL)
-        {
-          certs = p7->d.sign->cert;
-          crls = p7->d.sign->crl;
-        }
-      break;
-    case NID_pkcs7_signedAndEnveloped:
-      if (p7->d.signed_and_enveloped != NULL)
-        {
-          certs = p7->d.signed_and_enveloped->cert;
-          crls = p7->d.signed_and_enveloped->crl;
-        }
-      break;
-    default:
-      break;
-    }
-
+  certs = PKCS7_get0_signers(p7, NULL, 0);
  if (certs != NULL)
    {
      X509 *x;
@ -444,18 +423,6 @@
          BIO_puts(obio, "\n");
        }
    }
-  if (crls != NULL)
-    {
-      X509_CRL *crl;
-
-    for (i = 0; i < sk_X509_CRL_num(crls); i++)
-      {
-        crl = sk_X509_CRL_value(crls, i);
-        X509_CRL_print(obio, crl);
-        PEM_write_bio_X509_CRL(obio, crl);
-        BIO_puts(obio, "\n");
-      }
-    }

  BIO_get_mem_ptr(obio, &bptr);

--- a/SoObjects/Mailer/SOGoDraftObject.m
+++ b/SoObjects/Mailer/SOGoDraftObject.m
@ -1803,7 +1803,7 @@ static NSString    *userAgent      = nil;
                                  lookupName: @"Contacts"
                                   inContext: context
                                     acquire: NO];
-          certificate = [[contactFolders certificateForEmail: theRecipient] convertPKCS7ToPEM];
+          certificate = [[contactFolders certificateForEmail: theRecipient] signersFromPKCS7];
        }
      else
        certificate =  [[self mailAccountFolder] certificate];
--- a/UI/Contacts/UIxContactActions.m
+++ b/UI/Contacts/UIxContactActions.m
@ -160,7 +160,7 @@

  if (pkcs7)
    {
-      data = [[pkcs7 convertPKCS7ToPEM] certificateDescription];
+      data = [[pkcs7 signersFromPKCS7] certificateDescription];
      if (data)
        {
          response = [self responseWithStatus: 200  andJSONRepresentation: data];
--- a/UI/MailPartViewers/UIxMailPartSignedViewer.m
+++ b/UI/MailPartViewers/UIxMailPartSignedViewer.m
@ -119,7 +119,7 @@
          NSString *subject, *issuer;
 	  X509 *x;
 	  
-	  certs = p7->d.sign->cert;
+	  certs = PKCS7_get0_signers(p7, NULL, 0);

          for (i = 0; i < sk_X509_num(certs); i++)
            {