diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_seclevel.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c index b24999498c..4bcbcbf36c 100644 --- a/src/lib/libssl/ssl_seclevel.c +++ b/src/lib/libssl/ssl_seclevel.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_seclevel.c,v 1.9 2022/06/29 21:10:20 tb Exp $ */ | 1 | /* $OpenBSD: ssl_seclevel.c,v 1.10 2022/06/29 21:19:21 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020 Theo Buehler <tb@openbsd.org> | 3 | * Copyright (c) 2020 Theo Buehler <tb@openbsd.org> |
| 4 | * | 4 | * |
| @@ -26,6 +26,7 @@ | |||
| 26 | #include <openssl/ssl.h> | 26 | #include <openssl/ssl.h> |
| 27 | #include <openssl/tls1.h> | 27 | #include <openssl/tls1.h> |
| 28 | #include <openssl/x509.h> | 28 | #include <openssl/x509.h> |
| 29 | #include <openssl/x509v3.h> | ||
| 29 | 30 | ||
| 30 | #include "ssl_locl.h" | 31 | #include "ssl_locl.h" |
| 31 | 32 | ||
| @@ -284,7 +285,7 @@ ssl_security_cert_key(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, int op) | |||
| 284 | } | 285 | } |
| 285 | 286 | ||
| 286 | static int | 287 | static int |
| 287 | ssl_cert_signature_md_nid(const X509 *x509) | 288 | ssl_cert_signature_md_nid(X509 *x509) |
| 288 | { | 289 | { |
| 289 | int md_nid, signature_nid; | 290 | int md_nid, signature_nid; |
| 290 | 291 | ||
| @@ -317,6 +318,10 @@ ssl_security_cert_sig(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, int op) | |||
| 317 | { | 318 | { |
| 318 | int md_nid, security_bits; | 319 | int md_nid, security_bits; |
| 319 | 320 | ||
| 321 | /* Don't check signature if self signed. */ | ||
| 322 | if ((X509_get_extension_flags(x509) & EXFLAG_SS) != 0) | ||
| 323 | return 1; | ||
| 324 | |||
| 320 | md_nid = ssl_cert_signature_md_nid(x509); | 325 | md_nid = ssl_cert_signature_md_nid(x509); |
| 321 | security_bits = ssl_cert_md_nid_security_bits(md_nid); | 326 | security_bits = ssl_cert_md_nid_security_bits(md_nid); |
| 322 | 327 | ||