From 6bdd924968ceccf33a86482aa720609d1c156741 Mon Sep 17 00:00:00 2001
From: Lianhao Lu <lianhao.lu@intel.com>
Date: Thu, 21 Nov 2019 18:33:20 +0800
Subject: Support new version of openssl

1. Support new version of openssl >= 1.1.1.
2. Add a blank line between digest and signature section per spec
SOL004.

Issue-ID: VNFSDK-519

Change-Id: I92873897805ab627a31eb5c09450e33b2f091db5
Signed-off-by: Lianhao Lu <lianhao.lu@intel.com>
---
 vnfsdk_pkgtools/packager/manifest.py | 7 ++++---
 vnfsdk_pkgtools/packager/utils.py    | 6 +++---
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/vnfsdk_pkgtools/packager/manifest.py b/vnfsdk_pkgtools/packager/manifest.py
index b2d0804..5066f45 100644
--- a/vnfsdk_pkgtools/packager/manifest.py
+++ b/vnfsdk_pkgtools/packager/manifest.py
@@ -159,9 +159,11 @@ class Manifest(object):
             ret += "Source: %s\n" % key
             ret += "Algorithm: %s\n" % digest[0]
             ret += "Hash: %s\n" % digest[1]
+        if self.digests:
+            # empty line between digest and signature section
+            ret += "\n"
         # signature
         if  self.signature:
-            ret += "\n"
             ret += self.signature
         return ret
 
@@ -190,8 +192,7 @@ class Manifest(object):
                 elif not skip:
                     lines.append(line)
         # strip trailing empty lines
-        content = ''.join(lines).rstrip(' \n\t')
-        content += '\n'
+        content = ''.join(lines)
         tmpfile = tempfile.NamedTemporaryFile(mode='w',delete=False)
         tmpfile.write(content)
         tmpfile.close()
diff --git a/vnfsdk_pkgtools/packager/utils.py b/vnfsdk_pkgtools/packager/utils.py
index 06143c6..f16a961 100644
--- a/vnfsdk_pkgtools/packager/utils.py
+++ b/vnfsdk_pkgtools/packager/utils.py
@@ -79,7 +79,7 @@ def _run_cmd(cmd, **kwargs):
 
 
 def sign(msg_file, cert_file, key_file):
-    args = ["openssl", "cms", "-sign", "-binary", "-nocerts"]
+    args = ["openssl", "cms", "-sign", "-binary"]
     kwargs = {
               '-in': os.path.abspath(msg_file),
               '-signer': os.path.abspath(cert_file),
@@ -91,9 +91,9 @@ def sign(msg_file, cert_file, key_file):
 
 
 def verify(msg_file, cert_file, cms, no_verify_cert=False):
-    args = ["openssl", "cms", "-verify"]
+    args = ["openssl", "cms", "-verify", "-binary"]
     if no_verify_cert:
-        args.append("-no_signer_cert_verify")
+        args.append("-noverify")
 
     with tempfile.NamedTemporaryFile(mode='w') as f:
         f.write(cms)
-- 
cgit 1.2.3-korg