oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(hx509_verify_path): if trust anchor is not self signed, don't check sig

Browse Source 
From Douglas Engert.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17108 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-04-20 17:05:11 +00:00
parent 6195a45286
commit 866f4be765
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/hx509/cert.c
View File

@@ -1326,8 +1326,18 @@ hx509_verify_path(hx509_context context,
Certificate *signer, *c; Certificate *signer, *c;
c = _hx509_get_cert(path.val[i]); c = _hx509_get_cert(path.val[i]);
/* is last in chain and thus the self-signed */
signer = path.val[i == path.len - 1 ? i : i + 1]->data; /* is last in chain (trust anchor) */
if (i == path.len - 1) {
signer = path.val[i]->data;
/* if trust anchor is not self signed, don't check sig */
if (!certificate_is_self_signed(signer))
continue;
} else {
/* take next certificate in chain */
signer = path.val[i + 1]->data;
}
/* verify signatureValue */ /* verify signatureValue */
ret = _hx509_verify_signature_bitstring(signer, ret = _hx509_verify_signature_bitstring(signer,