@@ -772,6 +772,8 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
772
772
int contTypeLen ;
773
773
WOLFSSL_X509 * signer = NULL ;
774
774
WOLFSSL_STACK * signers = NULL ;
775
+ X509_STORE_CTX * ctx = NULL ;
776
+
775
777
776
778
WOLFSSL_ENTER ("wolfSSL_PKCS7_verify" );
777
779
@@ -804,24 +806,37 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
804
806
return WOLFSSL_FAILURE ;
805
807
}
806
808
809
+ ctx = X509_STORE_CTX_new ();
810
+ if (ctx == NULL ) {
811
+ WOLFSSL_MSG ("Error allocating X509 Store Context" );
812
+ return WOLFSSL_FAILURE ;
813
+ }
814
+
807
815
signers = wolfSSL_PKCS7_get0_signers (pkcs7 , certs , flags );
808
816
if (signers == NULL ) {
809
817
WOLFSSL_MSG ("No signers found to verify" );
818
+ wolfSSL_X509_STORE_CTX_free (ctx );
810
819
return WOLFSSL_FAILURE ;
811
820
}
821
+
812
822
for (i = 0 ; i < wolfSSL_sk_X509_num (signers ); i ++ ) {
813
823
signer = wolfSSL_sk_X509_value (signers , i );
814
-
815
- if (wolfSSL_CertManagerVerifyBuffer (store -> cm ,
816
- signer -> derCert -> buffer ,
817
- signer -> derCert -> length ,
818
- WOLFSSL_FILETYPE_ASN1 ) != WOLFSSL_SUCCESS ) {
824
+ if (wolfSSL_X509_STORE_CTX_init (ctx , store , signer , NULL )
825
+ != WOLFSSL_SUCCESS ) {
826
+ WOLFSSL_MSG ("Failed to initialize X509 STORE CTX" );
827
+ wolfSSL_sk_X509_pop_free (signers , NULL );
828
+ wolfSSL_X509_STORE_CTX_free (ctx );
829
+ return WOLFSSL_FAILURE ;
830
+ }
831
+ if (wolfSSL_X509_verify_cert (ctx ) != WOLFSSL_SUCCESS ) {
819
832
WOLFSSL_MSG ("Failed to verify signer certificate" );
820
833
wolfSSL_sk_X509_pop_free (signers , NULL );
834
+ wolfSSL_X509_STORE_CTX_free (ctx );
821
835
return WOLFSSL_FAILURE ;
822
836
}
823
837
}
824
838
wolfSSL_sk_X509_pop_free (signers , NULL );
839
+ wolfSSL_X509_STORE_CTX_free (ctx );
825
840
}
826
841
827
842
if (flags & PKCS7_TEXT ) {
0 commit comments