don't do loop check for single self signed certificate

author Dr. Stephen Henson <steve@openssl.org>

Mon, 5 Mar 2012 15:48:13 +0000 (15:48 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Mon, 5 Mar 2012 15:48:13 +0000 (15:48 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Mon, 5 Mar 2012 15:48:13 +0000 (15:48 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Mon, 5 Mar 2012 15:48:13 +0000 (15:48 +0000)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c

index 18048da68c7fea7bd53ead71a5a4fed4be9a77d4..099881b7b37e8f5200522a4e42d5507ec45a4841 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -443,6 +443,9 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
                 {
                 int i;
                 X509 *ch;
+               /* Special case: single self signed certificate */
+               if (cert_self_signed(x) && sk_X509_num(ctx->chain) == 1)
+                       return 1;
                 for (i = 0; i < sk_X509_num(ctx->chain); i++)
                         {
                         ch = sk_X509_value(ctx->chain, i);
author	Dr. Stephen Henson <steve@openssl.org>
	Mon, 5 Mar 2012 15:48:13 +0000 (15:48 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Mon, 5 Mar 2012 15:48:13 +0000 (15:48 +0000)