openssl: Don't check signature if issuer doesn't match always

Doing this for the self-signed check also (i.e. if this and issuer are
the same) is particularly useful if the issuer uses a different key type.
Otherwise, we'd try to verify the signature with an incompatible key
that would result in a log message.

Fixes #3357.
Tobias Brunner 2020-03-04 19:26:55 +01:00
parent 5761077091
commit 61769fd1e3
1 changed files with 4 additions and 4 deletions

@ -416,10 +416,10 @@ METHOD(certificate_t, issued_by, bool,
{
return FALSE;
}
if (!this->issuer->equals(this->issuer, issuer->get_subject(issuer)))
{
return FALSE;
}
}
if (!this->issuer->equals(this->issuer, issuer->get_subject(issuer)))
{
return FALSE;
}
key = issuer->get_public_key(issuer);
if (!key)
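Review bot: The issuer/subject comparison that now sits directly before `key = issuer->get_public_key(issuer);` has no comment saying why it must also run in the self-signed case. The reason is given only in the commit message (an issuer with a different key type would otherwise lead to a verification attempt with an incompatible key and a log message), so a later cleanup could easily move the check back inside the preceding block. Suggest a one-line comment above `if (!this->issuer->equals(this->issuer, issuer->get_subject(issuer)))` stating that it is deliberately unconditional. Returning `FALSE` ahead of the `get_public_key()` call is the right order, since no key reference is held at that point. A test that runs the self-signed check on a certificate whose issuer uses a different key type would pin the behaviour reported in #3357.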