X.509: Fix self-signed determination
authorDavid Howells <dhowells@redhat.com>
Wed, 6 Apr 2016 15:13:34 +0000 (16:13 +0100)
committerDavid Howells <dhowells@redhat.com>
Wed, 6 Apr 2016 15:13:34 +0000 (16:13 +0100)
commitad3043fda39db0361d9601685356db4512e914be
tree3c3d8c2db36424117fca5561d27b170fd83e44bf
parent6c2dc5ae4ab719a61d19e8cef082226410b04ff8
X.509: Fix self-signed determination

There's a bug in the code determining whether a certificate is self-signed
or not: if they have neither AKID nor SKID then we just assume that the
cert is self-signed, which may not be true.

Fix this by checking that the raw subject name matches the raw issuer name
and that the public key algorithm for the key and signature are both the
same in addition to requiring that the AKID bits match.

Signed-off-by: David Howells <dhowells@redhat.com>
crypto/asymmetric_keys/x509_public_key.c