Function X509_cmp() compares two certificates by comparing their SHA1 hashes.
Certificate comparison is used in crypto/x509/x509_vfy.c to compare a peer-provided self-signed certificate with a certificate in the trust store. However, comparing SHA1 hashes of certificates instead of the certificates themselves introduces an unnecessary security dependency on SHA1. X509_cmp() should be updated to binary-compare the DER representation of certificates.
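An added illustration of the dependency the report describes, not code from OpenSSL or from the original message: a digest-only comparison treats two different encodings as equal once the digest collides, while a byte-wise comparison of the encodings does not. CRC-16 stands in for a digest whose collision resistance has failed, and the buffers and function names (`weak_digest`, `cmp_by_digest`, `cmp_by_der`, `make_colliding_peer`) are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a digest whose collision resistance has failed: CRC-16.
 * Demo assumption only; the X509_cmp() described in the post uses SHA1. */
static uint16_t weak_digest(const uint8_t *p, size_t n)
{
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < n; i++) {
        crc ^= (uint16_t)(p[i] << 8);
        for (int k = 0; k < 8; k++)
            crc = (uint16_t)((crc << 1) ^ ((crc & 0x8000) ? 0x1021 : 0));
    }
    return crc;
}

/* Digest-based comparison: returns 0 when the digests match. */
int cmp_by_digest(const uint8_t *a, size_t an, const uint8_t *b, size_t bn)
{
    return weak_digest(a, an) != weak_digest(b, bn);
}
/* Binary comparison of the encodings, as the post proposes. */
int cmp_by_der(const uint8_t *a, size_t an, const uint8_t *b, size_t bn)
{
    if (an != bn) return an < bn ? -1 : 1;
    return memcmp(a, b, an);
}

/* Constructed buffers standing in for DER encodings (not real certificates). */
const uint8_t trusted[10] = {'T','R','U','S','T','E','D','-','C','A'};
uint8_t peer[10] = {'O','T','H','E','R','-','K','E', 0, 0};
/* Search the last two bytes of `peer` for a digest match with `trusted`. */
int make_colliding_peer(void)
{
    uint16_t want = weak_digest(trusted, sizeof trusted);
    for (unsigned v = 0; v <= 0xFFFF; v++) {
        peer[8] = (uint8_t)(v >> 8); peer[9] = (uint8_t)v;
        if (weak_digest(peer, sizeof peer) == want) return 1;
    }
    return 0;
}

int main(void)
{
    int ok = make_colliding_peer();
    printf("digest equal: %d\n", ok && !cmp_by_digest(trusted, 10, peer, 10));
    printf("DER equal:    %d\n", ok && !cmp_by_der(trusted, 10, peer, 10));
    return !ok;
}
```

The byte-wise result does not depend on any property of the digest, which is the point of the proposed change.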