Don't do loop detection for self signed check.

author Dr. Stephen Henson <steve@openssl.org>

Fri, 14 Feb 2014 14:52:23 +0000 (14:52 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Fri, 14 Feb 2014 14:52:23 +0000 (14:52 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Fri, 14 Feb 2014 14:52:23 +0000 (14:52 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Fri, 14 Feb 2014 14:52:23 +0000 (14:52 +0000)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c

index b7e3f6e996f6c575afef04f9316b43116fb2bae4..8129fa084d12b86fe2f6a264a371e6444d242b00 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -481,6 +481,8 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
  static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
  {
         int ret;
+       if (x == issuer)
+               return cert_self_signed(x);
         ret = X509_check_issued(issuer, x);
         if (ret == X509_V_OK)
                 {
author	Dr. Stephen Henson <steve@openssl.org>
	Fri, 14 Feb 2014 14:52:23 +0000 (14:52 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Fri, 14 Feb 2014 14:52:23 +0000 (14:52 +0000)