[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Thu Feb 11 19:01:10 UTC 2016
The branch master has been updated
via 221c7b55e35a952f517c3c2237feb3c1044b7dd9 (commit)
from ce023e77d7b208016276157fa14a6e2636649e85 (commit)
- Log -----------------------------------------------------------------
commit 221c7b55e35a952f517c3c2237feb3c1044b7dd9
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Thu Feb 11 15:25:11 2016 +0000
Don't check self signed certificate signature security.
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/t1_lib.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e0e0cb9..d7a6f95 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -4122,6 +4122,9 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
{
/* Lookup signature algorithm digest */
int secbits = -1, md_nid = NID_undef, sig_nid;
+ /* Don't check signature if self signed */
+ if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
+ return 1;
sig_nid = X509_get_signature_nid(x);
if (sig_nid && OBJ_find_sigid_algs(sig_nid, &md_nid, NULL)) {
const EVP_MD *md;
More information about the openssl-commits
mailing list