Don't do loop detection for self signed check.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 14 Feb 2014 14:52:23 +0000 (14:52 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 14 Feb 2014 14:52:23 +0000 (14:52 +0000)
crypto/x509/x509_vfy.c

index b7e3f6e..8129fa0 100644 (file)
@@ -481,6 +481,8 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 {
        int ret;
 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 {
        int ret;
+       if (x == issuer)
+               return cert_self_signed(x);
        ret = X509_check_issued(issuer, x);
        if (ret == X509_V_OK)
                {
        ret = X509_check_issued(issuer, x);
        if (ret == X509_V_OK)
                {