Do not check sig on trust-ca (might not be top)

Paul Bakker 2012-11-24 11:53:17 +01:00
parent 769075dfb6
commit 3497d8c7bf


@ -3178,7 +3178,9 @@ static int x509parse_verify_top(
} }
/* /*
* If top of chain is not the same as the trusted CA * If top of chain is not the same as the trusted CA send a verify request
* to the callback for any issues with validity and CRL presence for the
* trusted CA certificate.
*/ */
if( trust_ca != NULL && if( trust_ca != NULL &&
( child->subject_raw.len != trust_ca->subject_raw.len || ( child->subject_raw.len != trust_ca->subject_raw.len ||
@ -3191,16 +3193,6 @@ static int x509parse_verify_top(
if( x509parse_time_expired( &trust_ca->valid_to ) ) if( x509parse_time_expired( &trust_ca->valid_to ) )
ca_flags |= BADCERT_EXPIRED; ca_flags |= BADCERT_EXPIRED;
hash_id = trust_ca->sig_alg;
x509_hash( trust_ca->tbs.p, trust_ca->tbs.len, hash_id, hash );
if( rsa_pkcs1_verify( &trust_ca->rsa, RSA_PUBLIC, hash_id,
0, hash, trust_ca->sig.p ) != 0 )
{
ca_flags |= BADCERT_NOT_TRUSTED;
}
if( NULL != f_vrfy ) if( NULL != f_vrfy )
{ {
if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 ) if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 )
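Review bot: With the `rsa_pkcs1_verify` block removed, nothing in the second hunk records why the trusted CA's own signature is deliberately not checked, and the rewritten comment in the first hunk only describes the callback. A line in that comment block, above `if( trust_ca != NULL &&`, would prevent a later reader from "fixing" it back: `* The trusted CA is not signature-checked: it is trusted by configuration and need not be self-signed (it may be an intermediate), so only validity and CRL status are reported to the callback.` The removed block was also the only visible user of `hash_id` and `hash`; if nothing else in x509parse_verify_top reads them they are now unused locals and should be dropped to keep the function warning-clean. x509parse_verify_top starts before the first hunk and continues past the last line shown, so the remaining uses of those locals cannot be confirmed from here.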