Don't check self signed certificate signature security.

Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2016-02-11 15:25:11 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2016-02-11 19:00:41 +0000
commit: 221c7b55e35a952f517c3c2237feb3c1044b7dd9 (patch)
tree: 1fae9b9ae4ed157210476d1fb42d2a44a44ab5f1 /ssl
parent: ce023e77d7b208016276157fa14a6e2636649e85 (diff)
download: openssl-221c7b55e35a952f517c3c2237feb3c1044b7dd9.zip
openssl-221c7b55e35a952f517c3c2237feb3c1044b7dd9.tar.gz
openssl-221c7b55e35a952f517c3c2237feb3c1044b7dd9.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e0e0cb9..d7a6f95 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -4122,6 +4122,9 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
 {
     /* Lookup signature algorithm digest */
     int secbits = -1, md_nid = NID_undef, sig_nid;
+    /* Don't check signature if self signed */
+    if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
+        return 1;
     sig_nid = X509_get_signature_nid(x);
     if (sig_nid && OBJ_find_sigid_algs(sig_nid, &md_nid, NULL)) {
         const EVP_MD *md;
author	Dr. Stephen Henson <steve@openssl.org>	2016-02-11 15:25:11 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2016-02-11 19:00:41 +0000
commit	221c7b55e35a952f517c3c2237feb3c1044b7dd9 (patch)
tree	1fae9b9ae4ed157210476d1fb42d2a44a44ab5f1 /ssl
parent	ce023e77d7b208016276157fa14a6e2636649e85 (diff)
download	openssl-221c7b55e35a952f517c3c2237feb3c1044b7dd9.zip openssl-221c7b55e35a952f517c3c2237feb3c1044b7dd9.tar.gz openssl-221c7b55e35a952f517c3c2237feb3c1044b7dd9.tar.bz2