oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

"self-signed doesn't count" doesn't apply to trust anchor certificate.

Browse Source 
make trust anchor check consistant.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21869 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-08-08 11:52:52 +00:00
parent 44a49b86f6
commit 93707ec4e3
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/hx509/cert.c
View File

@@ -1588,7 +1588,7 @@ hx509_verify_path(hx509_context context,
goto out; goto out;
} }
if (certificate_is_self_signed(c)) if (i + 1 != path.len && certificate_is_self_signed(c))
selfsigned_depth++; selfsigned_depth++;
break; break;
@@ -1760,7 +1760,7 @@ hx509_verify_path(hx509_context context,
c = _hx509_get_cert(path.val[i]); c = _hx509_get_cert(path.val[i]);
/* verify name constraints, not for selfsigned and anchor */ /* verify name constraints, not for selfsigned and anchor */
if (!certificate_is_self_signed(c) || i != path.len - 1) { if (!certificate_is_self_signed(c) || i + 1 != path.len) {
ret = check_name_constraints(context, &nc, c); ret = check_name_constraints(context, &nc, c);
if (ret) { if (ret) {
goto out; goto out;
@@ -1833,7 +1833,7 @@ hx509_verify_path(hx509_context context,
c = _hx509_get_cert(path.val[i]); c = _hx509_get_cert(path.val[i]);
/* is last in chain (trust anchor) */ /* is last in chain (trust anchor) */
if (i == path.len - 1) { if (i + 1 == path.len) {
signer = path.val[i]->data; signer = path.val[i]->data;
/* if trust anchor is not self signed, don't check sig */ /* if trust anchor is not self signed, don't check sig */