author | Dr. Stephen Henson <steve@openssl.org> | 2016-02-11 15:25:11 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-02-11 19:00:41 +0000 |
commit | 221c7b55e35a952f517c3c2237feb3c1044b7dd9 (patch) | |
tree | 1fae9b9ae4ed157210476d1fb42d2a44a44ab5f1 /ssl | |
parent | ce023e77d7b208016276157fa14a6e2636649e85 (diff) |
Don't check self signed certificate signature security.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/t1_lib.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e0e0cb95ac..d7a6f954b4 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -4122,6 +4122,9 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
 {
 /* Lookup signature algorithm digest */
 int secbits = -1, md_nid = NID_undef, sig_nid;
+ /* Don't check signature if self signed */
+ if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
+ return 1;
 sig_nid = X509_get_signature_nid(x);
 if (sig_nid && OBJ_find_sigid_algs(sig_nid, &md_nid, NULL)) {
 const EVP_MD *md;
 |
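Review bot: The new early return at the top of ssl_security_cert_sig() exempts a certificate from the signature-digest security-level check on the strength of EXFLAG_SS alone, and the one-line comment does not say why that is safe. As far as I know, that flag is derived from cached name and key-identifier data rather than from verifying the signature against the certificate's own key. The exemption therefore presumably relies on callers accepting such a certificate only when it is an explicitly configured trust anchor. I would state that in the comment, e.g. `/* Self-signed: trust comes from the trust store, not from the signature, so the digest strength is not checked */`. It is also worth confirming that any separate key-strength check still runs for these certificates, since this return happens before `op` is consulted. The function body continues past the end of the hunk.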