| blob | 70ffdce4ed1e8c94f9fdaa0c6e72160eeb28dc49 |
1 From 32b56287cc9d07dfbbc2ee21b70a8fbe1f2d9f2f Mon Sep 17 00:00:00 2001
2 From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
3 Date: Sat, 30 Dec 2017 19:57:08 +0100
4 Subject: [PATCH] x509/verify: when verifying against a self signed certificate ignore issuer
6 That is, ignore issuer when checking the issuer's parameters strength. That
7 resolves the issue of marking self-signed certificates as with insecure
8 parameters during verification.
10 Resolves #347
12 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
13 ---
14 lib/x509/verify.c | 12 +++++++-----
15 1 file changed, 7 insertions(+), 5 deletions(-)
17 diff --git a/lib/x509/verify.c b/lib/x509/verify.c
18 index 26b1ab3..a59e637 100644
19 --- a/lib/x509/verify.c
20 +++ b/lib/x509/verify.c
21 @@ -431,11 +431,13 @@ unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se, unsigned
22 _gnutls_debug_log(#level": certificate's security level is unacceptable\n"); \
23 return gnutls_assert_val(0); \
24 } \
25 - sp = gnutls_pk_bits_to_sec_param(issuer_pkalg, issuer_bits); \
26 - if (sp < level) { \
27 - _gnutls_cert_log("issuer", issuer); \
28 - _gnutls_debug_log(#level": certificate's issuer security level is unacceptable\n"); \
29 - return gnutls_assert_val(0); \
30 + if (issuer) { \
31 + sp = gnutls_pk_bits_to_sec_param(issuer_pkalg, issuer_bits); \
32 + if (sp < level) { \
33 + _gnutls_cert_log("issuer", issuer); \
34 + _gnutls_debug_log(#level": certificate's issuer security level is unacceptable\n"); \
35 + return gnutls_assert_val(0); \
36 + } \
37 } \
38 break;
40 --
41 libgit2 0.26.0