generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

V1 certificates that aren't self signed can't be accepted as CAs.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2004-12-03 00:10:34 +00:00
parent f774accdbf
commit 8f284faaec
1 changed files with 0 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/x509v3/v3_purp.c
View File

@ -441,8 +441,6 @@ static int check_ca(const X509 *x)
/* Older certificates could have Netscape-specific CA types */ /* Older certificates could have Netscape-specific CA types */
else if (x->ex_flags & EXFLAG_NSCERT else if (x->ex_flags & EXFLAG_NSCERT
&& x->ex_nscert & NS_ANY_CA) return 5; && x->ex_nscert & NS_ANY_CA) return 5;
/* 2 means "I don't know...", which is legal for V1 and V2 */
else if (x->ex_flags & EXFLAG_V1) return 2;
/* can this still be regarded a CA certificate? I doubt it */ /* can this still be regarded a CA certificate? I doubt it */
return 0; return 0;
} }