The branch master has been updated via 221c7b55e35a952f517c3c2237feb3c1044b7dd9 (commit) from ce023e77d7b208016276157fa14a6e2636649e85 (commit)
- Log ----------------------------------------------------------------- commit 221c7b55e35a952f517c3c2237feb3c1044b7dd9 Author: Dr. Stephen Henson <st...@openssl.org> Date: Thu Feb 11 15:25:11 2016 +0000 Don't check self signed certificate signature security. Reviewed-by: Richard Levitte <levi...@openssl.org> ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index e0e0cb9..d7a6f95 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -4122,6 +4122,9 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) { /* Lookup signature algorithm digest */ int secbits = -1, md_nid = NID_undef, sig_nid; + /* Don't check signature if self signed */ + if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0) + return 1; sig_nid = X509_get_signature_nid(x); if (sig_nid && OBJ_find_sigid_algs(sig_nid, &md_nid, NULL)) { const EVP_MD *md; _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits