From 02ee8d3b4cebb319ff1747f9bdc3f6b473d63f3e Mon Sep 17 00:00:00 2001
From: sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Fri, 28 Dec 2012 01:20:57 +0000
Subject: 1. Enable the whole X509v3 extension checking. 2. Replace
 d2i_X509_bio with d2i_X509.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ling Qin <qin.long@intel.com>
Reviewed-by: Ouyang Qian <qian.ouyang@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14026 6f19259b-4bc3-4df7-8a09-765794883524
---
 CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

(limited to 'CryptoPkg/Library/OpensslLib')

diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch
index a2ba8aeb43..c5f646ee96 100644
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch
@@ -260,20 +260,7 @@ Index: crypto/x509/x509_vfy.c
 ===================================================================
 --- crypto/x509/x509_vfy.c	(revision 1)
 +++ crypto/x509/x509_vfy.c	(working copy)
-@@ -386,7 +386,11 @@
- 
- static int check_chain_extensions(X509_STORE_CTX *ctx)
- {
--#ifdef OPENSSL_NO_CHAIN_VERIFY
-+#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)
-+  /* 
-+    NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting
-+          in Authenticode Signing Certificates. 
-+  */
- 	return 1;
- #else
- 	int i, ok=0, must_be_ca, plen = 0;
-@@ -899,6 +903,10 @@
+@@ -899,6 +899,10 @@
  
  static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
  	{
@@ -284,7 +271,7 @@ Index: crypto/x509/x509_vfy.c
  	time_t *ptime;
  	int i;
  
-@@ -942,6 +950,7 @@
+@@ -942,6 +946,7 @@
  		}
  
  	return 1;
-- 
cgit v1.2.3