author | Adam Langley <agl@chromium.org> | 2014-06-20 23:00:00 +0400 |
---|---|---|
committer | Adam Langley <agl@chromium.org> | 2014-06-21 00:17:38 +0400 |
commit | 35163dc9259cf54e534225b37658e584ba764d04 (patch) | |
tree | 83c9e38897774f94817377bfbdb60bb2e36e54cb /crypto/x509 | |
parent | a216d03d0eb4eb78d08f0b94abe0d88a3d355b84 (diff) |
Add cert_self_signed function to simplify verify.
(Imported from upstream's ced6dc5cefca57b08e077951a9710c33b709e99e)
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/x509_vfy.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 45787807..4791d1d9 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -148,6 +148,15 @@ static int x509_subject_cmp(X509 **a, X509 **b)
 return X509_subject_name_cmp(*a,*b);
 }
 #endif
+/* Return 1 is a certificate is self signed */
+static int cert_self_signed(X509 *x)
+ {
+ X509_check_purpose(x, -1, 0);
+ if (x->ex_flags & EXFLAG_SS)
+ return 1;
+ else
+ return 0;
+ }
 /* Given a certificate try and find an exact match in the store */
@@ -229,8 +238,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 */
 /* If we are self signed, we break */
- if (ctx->check_issued(ctx, x,x)) break;
-
+ if (cert_self_signed(x))
+ break;
 /* If asked see if we can find issuer in trusted store first */
 if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
 {
@@ -281,7 +290,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 i=sk_X509_num(ctx->chain);
 x=sk_X509_value(ctx->chain,i-1);
- if (ctx->check_issued(ctx, x, x))
+ if (cert_self_signed(x))
 {
 /* we have a self signed certificate */
 if (sk_X509_num(ctx->chain) == 1)
@@ -329,7 +338,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 if (depth < num) break;
 /* If we are self signed, we break */
- if (ctx->check_issued(ctx,x,x)) break;
+ if (cert_self_signed(x))
+ break;
 ok = ctx->get_issuer(&xtmp, ctx, x); |
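Review bot: `cert_self_signed` decides from the cached `EXFLAG_SS` bit alone and verifies no signature, and its comment (which also has a typo, "Return 1 is") does not say so. The call to `X509_check_purpose(x, -1, 0)` is there only for its side effect of filling `x->ex_flags`, and its return value is dropped; how the flag gets set is not visible in this hunk, but it appears to come from comparing names and key identifiers rather than from a signature check. I would document that as `/* Return 1 if |x| is flagged self signed (EXFLAG_SS); X509_check_purpose is called only to populate x->ex_flags, and no signature is checked here */`. The if/else can also shrink to `return (x->ex_flags & EXFLAG_SS) != 0;`.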
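Review bot: Replacing `ctx->check_issued(ctx, x,x)` with `cert_self_signed(x)` in the hunk at -229 takes the self-signed decision away from the per-context `check_issued` hook, which the commit title presents as a simplification only. If an application installs its own `check_issued`, or relies on side effects of the default one when it is called with the same certificate on both sides (neither is visible in this hunk), chain building may now stop at a different certificate than before. The same substitution is made in the hunks at -281 and -329, so one comment at this first site would cover them, for example `/* Self-signedness is a property of x alone; deliberately not routed through ctx->check_issued */`. X509_verify_cert starts and ends outside the hunk.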