generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Comment and indentation

Browse Source
This commit is contained in:
Bodo Möller 2001-01-28 14:38:11 +00:00
parent b847024026
commit 78f3a2aad7
2 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
crypto/x509/x509_vfy.c
View File

@ -488,6 +488,13 @@ static int internal_verify(X509_STORE_CTX *ctx)
if (!ok) goto end; if (!ok) goto end;
} }
if (X509_verify(xs,pkey) <= 0) if (X509_verify(xs,pkey) <= 0)
/* XXX For the final trusted self-signed cert,
* this is a waste of time. That check should
* optional so that e.g. 'openssl x509' can be
* used to detect invalid self-signatures, but
* we don't verify again and again in SSL
* handshakes and the like once the cert has
* been declared trusted. */
{ {
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
ctx->current_cert=xs; ctx->current_cert=xs;