generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't check self signed certificate signature security.

Browse Source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Dr. Stephen Henson
2016-02-11 15:25:11 +00:00
parent ce023e77d7
commit 221c7b55e3
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ssl/t1_lib.c
View File

@@ -4122,6 +4122,9 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
{ {
/* Lookup signature algorithm digest */ /* Lookup signature algorithm digest */
int secbits = -1, md_nid = NID_undef, sig_nid; int secbits = -1, md_nid = NID_undef, sig_nid;
/* Don't check signature if self signed */
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
return 1;
sig_nid = X509_get_signature_nid(x); sig_nid = X509_get_signature_nid(x);
if (sig_nid && OBJ_find_sigid_algs(sig_nid, &md_nid, NULL)) { if (sig_nid && OBJ_find_sigid_algs(sig_nid, &md_nid, NULL)) {
const EVP_MD *md; const EVP_MD *md;