470 |
470 |
471 // verify certificate |
471 // verify certificate |
472 if (X509_verify_cert(x509_ctx) != 1) |
472 if (X509_verify_cert(x509_ctx) != 1) |
473 { |
473 { |
474 ret_code = getErrCode(X509_STORE_CTX_get_error(x509_ctx)); |
474 ret_code = getErrCode(X509_STORE_CTX_get_error(x509_ctx)); |
475 break; |
475 // If the secure time of the device has not yet been set |
|
476 // (can happen some times during the first device boot), |
|
477 // allow installing with not yet valid certificates |
|
478 if (KCertNotYetValidFailure == ret_code) |
|
479 { |
|
480 if (!TelUtils::isSecureTimeSet()) |
|
481 { |
|
482 ret_code = KCertAndSignatureOk; |
|
483 } |
|
484 } |
|
485 |
|
486 if (KCertAndSignatureOk != ret_code) |
|
487 { |
|
488 break; |
|
489 } |
476 } |
490 } |
477 // verify the extended key usage: it must point to id-kp-codeSigning (RFC3280 code signing) |
491 // verify the extended key usage: it must point to id-kp-codeSigning (RFC3280 code signing) |
478 // or 1.3.6.1.4.1.94.1.49.1.2.2.3 (Nokia Java Code Signing Extension) |
492 // or 1.3.6.1.4.1.94.1.49.1.2.2.3 (Nokia Java Code Signing Extension) |
479 EXTENDED_KEY_USAGE *extKeyUsage; |
493 EXTENDED_KEY_USAGE *extKeyUsage; |
480 if ((extKeyUsage=(EXTENDED_KEY_USAGE*)X509_get_ext_d2i(end_entity_cert, NID_ext_key_usage, NULL, NULL)) != NULL) |
494 if ((extKeyUsage=(EXTENDED_KEY_USAGE*)X509_get_ext_d2i(end_entity_cert, NID_ext_key_usage, NULL, NULL)) != NULL) |
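Review bot: The override at new lines 478-483 turns a failed `X509_verify_cert()` into `KCertAndSignatureOk` using only the first error the context reports. No verify callback is visible in this hunk; if none is installed, OpenSSL stops at the first failure, so when that failure is "not yet valid", later checks (signatures further down the chain, validity of the remaining certificates) may never have run and the chain is accepted partly unverified. A safer shape is to tolerate only that one error inside verification, via a verify callback set with `X509_STORE_CTX_set_verify_cb`, so a return of 1 still means every other check passed. It would also help to log when this exception is taken, since it accepts a certificate that strict time checking would reject. The enclosing loop or block starts and ends outside the hunk, so the effect of `break` on cleanup cannot be judged from here.

```cpp
// constructed sketch: tolerate only "not yet valid" while secure time is unset,
// so X509_verify_cert() still performs every other check on the whole chain
static int allowNotYetValidBeforeTimeSet(int ok, X509_STORE_CTX *ctx)
{
    if (!ok && X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_NOT_YET_VALID
            && !TelUtils::isSecureTimeSet())
    {
        return 1;
    }
    return ok;
}

// before the verification call:
X509_STORE_CTX_set_verify_cb(x509_ctx, allowNotYetValidBeforeTimeSet);
// … unchanged: X509_verify_cert(x509_ctx) != 1 check, getErrCode mapping and break …
```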