don't do loop check for single self signed certificate
authorDr. Stephen Henson <steve@openssl.org>
Mon, 5 Mar 2012 15:48:13 +0000 (15:48 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 5 Mar 2012 15:48:13 +0000 (15:48 +0000)
crypto/x509/x509_vfy.c

index 18048da..099881b 100644 (file)
@@ -443,6 +443,9 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
                {
                int i;
                X509 *ch;
+               /* Special case: single self signed certificate */
+               if (cert_self_signed(x) && sk_X509_num(ctx->chain) == 1)
+                       return 1;
                for (i = 0; i < sk_X509_num(ctx->chain); i++)
                        {
                        ch = sk_X509_value(ctx->chain, i);
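Review bot: The early `return 1;` skips the loop check for any self-signed `x` once the chain holds one entry, but the condition never ties `x` to that entry, and the comment does not say why the skip is safe. This function feeds chain building, so the exemption should stay as narrow as its stated purpose. If callers can pass an `x` that is not the chain's only element, consider also requiring `sk_X509_value(ctx->chain, 0) == x`. I would also expand the comment to give the reason, presumably `/* Special case: a lone self signed certificate is its own issuer, so the loop check below would reject it; this says nothing about trust */`. The body of check_issued starts and ends outside the hunk, so the loop's comparison and the value of `ret` at this point are not visible here.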