|
|
@ -118,7 +118,7 @@ bool PaymentRequestPlus::getMerchant(X509_STORE* certStore, QString& merchant) c |
|
|
|
// The first cert is the signing cert, the rest are untrusted certs that chain
|
|
|
|
// The first cert is the signing cert, the rest are untrusted certs that chain
|
|
|
|
// to a valid root authority. OpenSSL needs them separately.
|
|
|
|
// to a valid root authority. OpenSSL needs them separately.
|
|
|
|
STACK_OF(X509) *chain = sk_X509_new_null(); |
|
|
|
STACK_OF(X509) *chain = sk_X509_new_null(); |
|
|
|
for (int i = certs.size()-1; i > 0; i--) { |
|
|
|
for (int i = certs.size() - 1; i > 0; i--) { |
|
|
|
sk_X509_push(chain, certs[i]); |
|
|
|
sk_X509_push(chain, certs[i]); |
|
|
|
} |
|
|
|
} |
|
|
|
X509 *signing_cert = certs[0]; |
|
|
|
X509 *signing_cert = certs[0]; |
|
|
@ -166,9 +166,8 @@ bool PaymentRequestPlus::getMerchant(X509_STORE* certStore, QString& merchant) c |
|
|
|
EVP_MD_CTX_init(&ctx); |
|
|
|
EVP_MD_CTX_init(&ctx); |
|
|
|
if (!EVP_VerifyInit_ex(&ctx, digestAlgorithm, NULL) || |
|
|
|
if (!EVP_VerifyInit_ex(&ctx, digestAlgorithm, NULL) || |
|
|
|
!EVP_VerifyUpdate(&ctx, data_to_verify.data(), data_to_verify.size()) || |
|
|
|
!EVP_VerifyUpdate(&ctx, data_to_verify.data(), data_to_verify.size()) || |
|
|
|
!EVP_VerifyFinal(&ctx, (const unsigned char*)paymentRequest.signature().data(), paymentRequest.signature().size(), pubkey)) { |
|
|
|
!EVP_VerifyFinal(&ctx, (const unsigned char*)paymentRequest.signature().data(), (unsigned int)paymentRequest.signature().size(), pubkey)) { |
|
|
|
|
|
|
|
throw SSLVerifyError("Bad signature, invalid payment request."); |
|
|
|
throw SSLVerifyError("Bad signature, invalid PaymentRequest."); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// OpenSSL API for getting human printable strings from certs is baroque.
|
|
|
|
// OpenSSL API for getting human printable strings from certs is baroque.
|
|
|
|