Update from 0.9.8-stable.

This commit is contained in:
Dr. Stephen Henson 2009-06-15 15:01:00 +00:00
parent 512cab0128
commit 31db43df08
2 changed files with 10 additions and 8 deletions

View File

@ -793,6 +793,11 @@
Changes between 0.9.8k and 0.9.8l [xx XXX xxxx]
*) Don't check self signed certificate signatures in X509_verify_cert():
it just wastes time without adding any security. As a useful side effect
self signed root CAs with non-FIPS digests are now usable in FIPS mode.
[Steve Henson]
*) In dtls1_process_out_of_seq_message() the check if the current message
is already buffered was missing. For every new message was memory
allocated, allowing an attacker to perform an denial of service attack

View File

@ -1609,7 +1609,11 @@ static int internal_verify(X509_STORE_CTX *ctx)
while (n >= 0)
{
ctx->error_depth=n;
if (!xs->valid)
/* Skip signature check for self signed certificates. It
* doesn't add any security and just wastes time.
*/
if (!xs->valid && xs != xi)
{
if ((pkey=X509_get_pubkey(xi)) == NULL)
{
@ -1619,13 +1623,6 @@ static int internal_verify(X509_STORE_CTX *ctx)
if (!ok) goto end;
}
else if (X509_verify(xs,pkey) <= 0)
/* XXX For the final trusted self-signed cert,
* this is a waste of time. That check should
* optional so that e.g. 'openssl x509' can be
* used to detect invalid self-signatures, but
* we don't verify again and again in SSL
* handshakes and the like once the cert has
* been declared trusted. */
{
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
ctx->current_cert=xs;