Commit ced6dc5c authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Add cert_self_signed function to simplify verify

(from master)
parent bf2d1291
+14 −4
@@ -151,6 +151,15 @@ static int x509_subject_cmp(X509 **a, X509 **b)
	return X509_subject_name_cmp(*a,*b);
	}
#endif
/* Return 1 is a certificate is self signed */
static int cert_self_signed(X509 *x)
	{
	X509_check_purpose(x, -1, 0);
	if (x->ex_flags & EXFLAG_SS)
		return 1;
	else
		return 0;
	}

/* Given a certificate try and find an exact match in the store */

@@ -232,8 +241,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
		                         */

		/* If we are self signed, we break */
		if (ctx->check_issued(ctx, x,x)) break;

		if (cert_self_signed(x))
			break;
		/* If asked see if we can find issuer in trusted store first */
		if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
			{
@@ -284,7 +293,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)

	i=sk_X509_num(ctx->chain);
	x=sk_X509_value(ctx->chain,i-1);
	if (ctx->check_issued(ctx, x, x))
	if (cert_self_signed(x))
		{
		/* we have a self signed certificate */
		if (sk_X509_num(ctx->chain) == 1)
@@ -332,7 +341,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
		if (depth < num) break;

		/* If we are self signed, we break */
		if (ctx->check_issued(ctx,x,x)) break;
		if (cert_self_signed(x))
			break;

		ok = ctx->get_issuer(&xtmp, ctx, x);
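Review bot: The new `cert_self_signed()` calls `X509_check_purpose(x, -1, 0)` only for its side effect of caching the extension flags and discards the result, and its comment does not say that the answer comes from the cached `EXFLAG_SS` bit rather than from verifying the certificate's signature against its own key. I would replace the header comment with `/* Return 1 if a certificate is flagged self signed (EXFLAG_SS); X509_check_purpose() is called only to populate ex_flags, no signature is verified here */`, which also fixes the "Return 1 is" typo. The three call sites in `X509_verify_cert` (whose body starts and ends outside these hunks) no longer go through `ctx->check_issued`, so an application that installs its own `check_issued` callback presumably stops influencing where chain building terminates; that is worth stating in the commit message. As a style point, the `if`/`else` in the helper could be written `return (x->ex_flags & EXFLAG_SS) != 0;`.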