openssl: Don't check signature if issuer doesn't match always
Doing this for the self-signed check also (i.e. if this and issuer are the same) is particularly useful if the issuer uses a different key type. Otherwise, we'd try to verify the signature with an incompatible key that would result in a log message. Fixes #3357.
This commit is contained in:
parent
5761077091
commit
61769fd1e3
|
@ -416,10 +416,10 @@ METHOD(certificate_t, issued_by, bool,
|
|||
{
|
||||
return FALSE;
|
||||
}
|
||||
if (!this->issuer->equals(this->issuer, issuer->get_subject(issuer)))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
if (!this->issuer->equals(this->issuer, issuer->get_subject(issuer)))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
key = issuer->get_public_key(issuer);
|
||||
if (!key)
|
||||
|
|
Loading…
Reference in New Issue