From: Dr. Stephen Henson <steve@openssl.org>
Date: Fri, 14 Feb 2014 14:52:23 +0000 (+0000)
Subject: Don't do loop detection for self signed check.
X-Git-Tag: master-pre-reformat~910
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2dac2667d1ec0ffd9f5609cc07f7e1221624e152;p=openssl

Don't do loop detection for self signed check.
---

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index b7e3f6e996..8129fa084d 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -481,6 +481,8 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 {
 	int ret;
+	if (x == issuer)
+		return cert_self_signed(x);
 	ret = X509_check_issued(issuer, x);
 	if (ret == X509_V_OK)
 		{