diff --git a/NEWS b/NEWS index 708229b1e..3161b0e97 100644 --- a/NEWS +++ b/NEWS @@ -21,6 +21,7 @@ Bug fixes - [core] avoid exception on recent GNUstep when attached file has no filename (#4702) - [core] avoid generating broken DTSTART for the freebusy.ifb file (#4289) - [core] consider DAVx5 like Apple Calendar (#4304) + - [core] improve handling of signer certificate (#4742) 4.0.7 (2019-02-27) ------------------ diff --git a/SoObjects/Mailer/NSData+SMIME.m b/SoObjects/Mailer/NSData+SMIME.m index 1245ca2f2..2976b4635 100644 --- a/SoObjects/Mailer/NSData+SMIME.m +++ b/SoObjects/Mailer/NSData+SMIME.m @@ -381,12 +381,11 @@ // // // -- (NSData *) convertPKCS7ToPEM +- (NSData *) signersFromPKCS7 { NSData *output; STACK_OF(X509) *certs = NULL; - STACK_OF(X509_CRL) *crls = NULL; BIO *ibio, *obio; BUF_MEM *bptr; PKCS7 *p7; @@ -412,27 +411,7 @@ // We output everything in PEM obio = BIO_new(BIO_s_mem()); - i = OBJ_obj2nid(p7->type); - switch (i) - { - case NID_pkcs7_signed: - if (p7->d.sign != NULL) - { - certs = p7->d.sign->cert; - crls = p7->d.sign->crl; - } - break; - case NID_pkcs7_signedAndEnveloped: - if (p7->d.signed_and_enveloped != NULL) - { - certs = p7->d.signed_and_enveloped->cert; - crls = p7->d.signed_and_enveloped->crl; - } - break; - default: - break; - } - + certs = PKCS7_get0_signers(p7, NULL, 0); if (certs != NULL) { X509 *x; @@ -444,18 +423,6 @@ BIO_puts(obio, "\n"); } } - if (crls != NULL) - { - X509_CRL *crl; - - for (i = 0; i < sk_X509_CRL_num(crls); i++) - { - crl = sk_X509_CRL_value(crls, i); - X509_CRL_print(obio, crl); - PEM_write_bio_X509_CRL(obio, crl); - BIO_puts(obio, "\n"); - } - } BIO_get_mem_ptr(obio, &bptr); diff --git a/SoObjects/Mailer/SOGoDraftObject.m b/SoObjects/Mailer/SOGoDraftObject.m index bae451dbd..a0a07ab9b 100644 --- a/SoObjects/Mailer/SOGoDraftObject.m +++ b/SoObjects/Mailer/SOGoDraftObject.m @@ -1803,7 +1803,7 @@ static NSString *userAgent = nil; lookupName: @"Contacts" inContext: context acquire: NO]; - certificate = [[contactFolders certificateForEmail: theRecipient] convertPKCS7ToPEM]; + certificate = [[contactFolders certificateForEmail: theRecipient] signersFromPKCS7]; } else certificate = [[self mailAccountFolder] certificate]; diff --git a/UI/Contacts/UIxContactActions.m b/UI/Contacts/UIxContactActions.m index 8485dc8b1..aebebe9b1 100644 --- a/UI/Contacts/UIxContactActions.m +++ b/UI/Contacts/UIxContactActions.m @@ -160,7 +160,7 @@ if (pkcs7) { - data = [[pkcs7 convertPKCS7ToPEM] certificateDescription]; + data = [[pkcs7 signersFromPKCS7] certificateDescription]; if (data) { response = [self responseWithStatus: 200 andJSONRepresentation: data]; diff --git a/UI/MailPartViewers/UIxMailPartSignedViewer.m b/UI/MailPartViewers/UIxMailPartSignedViewer.m index 4f3dc36a2..9422e186c 100644 --- a/UI/MailPartViewers/UIxMailPartSignedViewer.m +++ b/UI/MailPartViewers/UIxMailPartSignedViewer.m @@ -119,7 +119,7 @@ NSString *subject, *issuer; X509 *x; - certs = p7->d.sign->cert; + certs = PKCS7_get0_signers(p7, NULL, 0); for (i = 0; i < sk_X509_num(certs); i++) {