diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2004-12-03 00:10:34 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2004-12-03 00:10:34 +0000 |
| commit | 8f284faaec659cdac2cd09d1471d34e3fa5889df (patch) | |
| tree | 4c53294e5b8f5ac52278b32435fc9aa98628eb79 /crypto | |
| parent | f774accdbfa6b793b6e2a5e39a0c98ff5a87277c (diff) | |
V1 certificates that aren't self signed can't be accepted as CAs.
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/x509v3/v3_purp.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 8d0ebbeaef..a60d41bc24 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -441,8 +441,6 @@ static int check_ca(const X509 *x) /* Older certificates could have Netscape-specific CA types */ else if (x->ex_flags & EXFLAG_NSCERT && x->ex_nscert & NS_ANY_CA) return 5; - /* 2 means "I don't know...", which is legal for V1 and V2 */ - else if (x->ex_flags & EXFLAG_V1) return 2; /* can this still be regarded a CA certificate? I doubt it */ return 0; } |