summaryrefslogtreecommitdiffstats
path: root/crypto/x509/x509_cmp.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/x509/x509_cmp.c')
-rw-r--r--crypto/x509/x509_cmp.c20
1 files changed, 11 insertions, 9 deletions
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index ad620af0af..c9d8933640 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -133,19 +133,21 @@ unsigned long X509_subject_name_hash_old(X509 *x)
*/
int X509_cmp(const X509 *a, const X509 *b)
{
- int rv;
+ int rv = 0;
if (a == b) /* for efficiency */
return 0;
- /* ensure hash is valid */
- if (X509_check_purpose((X509 *)a, -1, 0) != 1)
- return -2;
- if (X509_check_purpose((X509 *)b, -1, 0) != 1)
- return -2;
-
- rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
- if (rv)
+
+ /* try to make sure hash is valid */
+ (void)X509_check_purpose((X509 *)a, -1, 0);
+ (void)X509_check_purpose((X509 *)b, -1, 0);
+
+ if ((a->ex_flags & EXFLAG_NO_FINGERPRINT) == 0
+ && (b->ex_flags & EXFLAG_NO_FINGERPRINT) == 0)
+ rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+ if (rv != 0)
return rv;
+
/* Check for match against stored encoding too */
if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
if (a->cert_info.enc.len < b->cert_info.enc.len)
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-13 00:03:04 +0000