don't do loop check for single self signed certificate
authorDr. Stephen Henson <steve@openssl.org>
Mon, 5 Mar 2012 15:48:13 +0000 (15:48 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 5 Mar 2012 15:48:13 +0000 (15:48 +0000)
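--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -443,6 +443,9 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
                 {
                 int i;
                 X509 *ch;
+               /* Special case: single self signed certificate */
+               if (cert_self_signed(x) && sk_X509_num(ctx->chain) == 1)
+                       return 1;
                 for (i = 0; i < sk_X509_num(ctx->chain); i++)
                         {
                         ch = sk_X509_value(ctx->chain, i);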
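Review bot: The comment on the added early return in check_issued names the case but not why the loop check is skipped or what `return 1` stands for, which is what a maintainer of path-building code needs to see. Presumably a lone self signed certificate is its own issuer and would otherwise match itself in the `for` loop below; if so, the comment should say it: `/* Special case: a single self signed certificate is its own issuer and would match itself in the loop check below. This only reports "issued by"; it does not make x trusted. */`. The guard also takes on faith that the one entry in `ctx->chain` is `x` and that `cert_self_signed()`, defined outside this hunk, is a sufficient test, so both assumptions are worth stating in that comment. The body of check_issued starts and ends outside the hunk.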