don't do loop check for single self signed certificate

[openssl.git] / crypto / x509 / x509_vfy.c

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 18048da68c7fea7bd53ead71a5a4fed4be9a77d4..099881b7b37e8f5200522a4e42d5507ec45a4841 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -443,6 +443,9 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
                {
                int i;
                X509 *ch;
+               /* Special case: single self signed certificate */
+               if (cert_self_signed(x) && sk_X509_num(ctx->chain) == 1)
+                       return 1;
                for (i = 0; i < sk_X509_num(ctx->chain); i++)
                        {
                        ch = sk_X509_value(ctx->chain, i);