"self-signed doesn't count" doesn't apply to trust anchor certificate.

make trust anchor check consistent.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21869 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2007-08-08 11:52:52 +00:00
parent 44a49b86f6
commit 93707ec4e3


@@ -1588,7 +1588,7 @@ hx509_verify_path(hx509_context context,
goto out;
}
if (certificate_is_self_signed(c))
if (i + 1 != path.len && certificate_is_self_signed(c))
selfsigned_depth++;
break;
@@ -1760,7 +1760,7 @@ hx509_verify_path(hx509_context context,
c = _hx509_get_cert(path.val[i]);
/* verify name constraints, not for selfsigned and anchor */
if (!certificate_is_self_signed(c) || i != path.len - 1) {
if (!certificate_is_self_signed(c) || i + 1 != path.len) {
ret = check_name_constraints(context, &nc, c);
if (ret) {
goto out;
@@ -1833,7 +1833,7 @@ hx509_verify_path(hx509_context context,
c = _hx509_get_cert(path.val[i]);
/* is last in chain (trust anchor) */
if (i == path.len - 1) {
if (i + 1 == path.len) {
signer = path.val[i]->data;
/* if trust anchor is not self signed, don't check sig */
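Review bot: The comment in the second hunk, `/* verify name constraints, not for selfsigned and anchor */`, does not describe the condition under it: `!certificate_is_self_signed(c) || i + 1 != path.len` skips check_name_constraints() only for a certificate that is both self-signed and last in the path, so a non-self-signed anchor and a self-signed certificate earlier in the path are still checked. Since this commit is about making the anchor test consistent, I would reword it to `/* verify name constraints; skipped only for a self-signed trust anchor (last in path) */` so a later reader does not widen the skip to match the old wording. In the first hunk, a one-line comment such as `/* the trust anchor is last in the path and is not counted as self-signed */` would explain the added `i + 1 != path.len` term. hx509_verify_path starts and ends outside these hunks, so how selfsigned_depth is consumed afterwards is not visible here.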