author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2005-10-27 20:28:37 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2005-10-27 20:28:37 +0000 |
commit | 4abf151a2d0c9b9e5f1d6b5d6960de994b2f5334 (patch) | |
tree | 8e3a723bb011f73eb469045b543de2acb2b6adab | |
parent | de0b7f484b9d689f519c5ff82b4a25338578f3a3 (diff) | |
download | gnutls-4abf151a2d0c9b9e5f1d6b5d6960de994b2f5334.tar.gz |
The check for insecure algorithms is only performed on non-self signed certificates.
-rw-r--r-- | lib/x509/verify.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 543d87389f..85539f5f4d 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -143,7 +143,7 @@ static int check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
 * This does a straight (DER) compare of the issuer/subject fields in
 * the given certificates.
 *
- * Returns 1 if the match and zero if they don't match. Otherwise
+ * Returns 1 if they match and zero if they don't match. Otherwise
 * a negative value is returned to indicate error.
 */
 static
@@ -285,7 +285,11 @@ static int _gnutls_verify_certificate2(gnutls_x509_crt_t cert,
 ret = 0;
 }
- {
+ /* If the certificate is not self signed check if the algorithms
+ * used are secure. If the certificate is self signed it doesn't
+ * really matter.
+ */
+ if (is_issuer(cert, cert) != 0) {
 int sigalg;
 sigalg = gnutls_x509_crt_get_signature_algorithm(cert);
 |
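Review bot: The new guard `if (is_issuer(cert, cert) != 0) {` in `_gnutls_verify_certificate2` looks inverted relative to the comment added directly above it and to the commit message. If the doc comment in the first hunk describes `is_issuer` (it appears to, but the function itself is outside the hunk), a return of 1 means issuer and subject match, so `!= 0` runs the insecure-algorithm check for self-issued certificates and skips it for the non-self-signed ones it was meant to cover. Testing `if (is_issuer(cert, cert) != 1) {` would run the check on non-matching certificates and also fail closed when `is_issuer` returns a negative error value. Note too that `is_issuer` is documented as a DER compare of the issuer/subject fields, so the comment would be more accurate saying "self-issued" than "self signed", since no signature is verified at this point. The body of the guarded block continues past the end of the hunk.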