On Wed, Mar 11, 2020 at 06:06:44PM +0000, Matt Caswell wrote:

> >     if (!ssl_security_cert_sig(s, ctx, x, SSL_SECOP_CA_MD | vfy))
> >         return SSL_R_CA_MD_TOO_WEAK;
> >     return 1;
> > }
>
> The exclusion comes in ssl_security_cert_sig - so I think OpenSSL
> behaves correctly:
>
> static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
> {
>     /* Lookup signature algorithm digest */
>     int secbits, nid, pknid;
>     /* Don't check signature if self signed */
>     if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
>         return 1;

So I failed to look just one more layer down the call stack. :-(
Thanks for the sanity check.

-- 
    Viktor.