Update from 1.0.0-stable.

author: Dr. Stephen Henson <steve@openssl.org> 2009-06-26 11:34:22 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-06-26 11:34:22 +0000
commit: 9aecc3e5ff3889fbe6f469d61e6f5935d870d4af (patch)
tree: ccfe23227378b0d97f770a230c97550c60433973 /apps
parent: b8a4a5bcba1545b5b22fed0ab7fcd5dc37598052 (diff)
2 files changed, 3 insertions, 0 deletions
diff --git a/apps/apps.c b/apps/apps.c
index 498722a5a2..35b62b8b09 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2261,6 +2261,8 @@ int args_verify(char ***pargs, int *pargc,
 		flags |= X509_V_FLAG_X509_STRICT;
 	else if (!strcmp(arg, "-policy_print"))
 		flags |= X509_V_FLAG_NOTIFY_POLICY;
+	else if (!strcmp(arg, "-check_ss_sig"))
+		flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
 	else
 		return 0;
 
diff --git a/apps/x509.c b/apps/x509.c
index 6debce4419..b25508aa8e 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1151,6 +1151,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 	/* NOTE: this certificate can/should be self signed, unless it was
 	 * a certificate request in which case it is not. */
 	X509_STORE_CTX_set_cert(&xsc,x);
+	X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
 	if (!reqfile && X509_verify_cert(&xsc) <= 0)
 		goto end;
author	Dr. Stephen Henson <steve@openssl.org>	2009-06-26 11:34:22 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-06-26 11:34:22 +0000
commit	9aecc3e5ff3889fbe6f469d61e6f5935d870d4af (patch)
tree	ccfe23227378b0d97f770a230c97550c60433973 /apps
parent	b8a4a5bcba1545b5b22fed0ab7fcd5dc37598052 (diff)