diff options
Diffstat (limited to 'crypto/x509/x509_vfy.c')
| -rw-r--r-- | crypto/x509/x509_vfy.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index dd4065b0ce..200a9cc0b6 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1610,10 +1610,11 @@ static int internal_verify(X509_STORE_CTX *ctx) { ctx->error_depth=n; - /* Skip signature check for self signed certificates. It - * doesn't add any security and just wastes time. + /* Skip signature check for self signed certificates unless + * explicitly asked for. It doesn't add any security and + * just wastes time. */ - if (!xs->valid && xs != xi) + if (!xs->valid && (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) { if ((pkey=X509_get_pubkey(xi)) == NULL) { |