Only accept self-signed certs within chains for strong hash types

2009-11-25 05:03:16 -08:00
parent b191b1e12f
commit a059a70746
2 changed files with 33 additions and 8 deletions
--- a/lib/hx509/cert.c
+++ b/lib/hx509/cert.c
@@ -1023,9 +1023,12 @@ certificate_is_self_signed(hx509_context context,
    ret = _hx509_name_cmp(&cert->tbsCertificate.subject,
 			  &cert->tbsCertificate.issuer, &diff);
    *self_signed = (diff == 0);
-    if (ret)
+    if (ret) {
 	hx509_set_error_string(context, 0, ret,
 			       "Failed to check if self signed");
+    } else
+	ret = _hx509_self_signed_valid(context, &cert->signatureAlgorithm);
+
    return ret;
 }