Fix various certificate fingerprint issues.

[openssl.git] / crypto / x509 / x_all.c

diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index e62cd313949b0f6fde88e512fb8b0dd94715428f..d7229506f644e8b52b2203da88909622d1d2417a 100644 (file)
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -73,6 +73,8 @@
 
 int X509_verify(X509 *a, EVP_PKEY *r)
        {
+       if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
+               return 0;
        return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
                a->signature,a->cert_info,r));
        }
@@ -98,11 +100,18 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 
 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
        {
+       x->cert_info->enc.modified = 1;
        return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
                x->cert_info->signature,
                x->sig_alg, x->signature, x->cert_info, ctx);
        }
 
+int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
+       {
+       return OCSP_REQ_CTX_nbio_d2i(rctx,
+                               (ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509));
+       }
+
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
        {
        return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
@@ -124,6 +133,7 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
 
 int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
        {
+       x->crl->enc.modified = 1;
        return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
                x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
        }