From 9e262359f2d159f8525262d958e7c277fa338414 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Tue, 5 Jun 2007 02:59:33 +0000
Subject: [PATCH] Check that the self-signed cert is really self-signed.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20908 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/print.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/lib/hx509/print.c b/lib/hx509/print.c
index f85668fef..18c0eea71 100644
--- a/lib/hx509/print.c
+++ b/lib/hx509/print.c
@@ -804,6 +804,20 @@ hx509_validate_cert(hx509_context context,
 		       "Not a CA nor PROXY and doesn't have"
 		       "CRL Dist Point\n");
 
+    if (status.selfsigned) {
+	ret = _hx509_verify_signature_bitstring(context,
+						c,
+						&c->signatureAlgorithm,
+						&c->tbsCertificate._save,
+						&c->signatureValue);
+	if (ret == 0)
+	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, 
+			   "Self-signed certificate was self-signed\n");
+	else
+	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
+			   "Self-signed certificate NOT really self-signed!\n");
+    }
+
     hx509_name_free(&subject);
     hx509_name_free(&issuer);