Diffstat (limited to 'src/lib/cert')
-rw-r--r--src/lib/cert/x509/key_constraint.cpp3
-rw-r--r--src/lib/cert/x509/x509cert.cpp30
-rw-r--r--src/lib/cert/x509/x509cert.h4
-rw-r--r--src/lib/cert/x509/x509path.cpp3
4 files changed, 8 insertions, 32 deletions
diff --git a/src/lib/cert/x509/key_constraint.cpp b/src/lib/cert/x509/key_constraint.cpp
index a90af013c..30d1cb3b8 100644
--- a/src/lib/cert/x509/key_constraint.cpp
+++ b/src/lib/cert/x509/key_constraint.cpp
@@ -31,8 +31,7 @@ void verify_cert_constraints_valid_for_key_type(const Public_Key& pub_key,
permitted |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;
}
- if(name == "RSA" || name == "RW" || name == "NR" ||
- name == "DSA" || name == "ECDSA" || name == "ECGDSA" || name == "ECKCDSA")
+ if(name == "RSA" || name == "DSA" || name == "ECDSA" || name == "ECGDSA" || name == "ECKCDSA")
{
permitted |= DIGITAL_SIGNATURE | NON_REPUDIATION | KEY_CERT_SIGN | CRL_SIGN;
}
diff --git a/src/lib/cert/x509/x509cert.cpp b/src/lib/cert/x509/x509cert.cpp
index ffedf43f0..5765214ae 100644
--- a/src/lib/cert/x509/x509cert.cpp
+++ b/src/lib/cert/x509/x509cert.cpp
@@ -72,32 +72,6 @@ X509_Certificate::X509_Certificate(const std::vector<byte>& in) :
do_decode();
}
-X509_Certificate::X509_Certificate(const X509_Certificate& other) :
- X509_Object(other)
- {
- m_subject = other.m_subject;
- m_issuer = other.m_issuer;
- m_self_signed = other.m_self_signed;
- m_v3_extensions = other.m_v3_extensions;
- }
-
-X509_Certificate& X509_Certificate::operator=(const X509_Certificate& other)
- {
- if(&other == this)
- {
- return *this;
- }
- else
- {
- m_subject = other.m_subject;
- m_issuer = other.m_issuer;
- m_self_signed = other.m_self_signed;
- m_v3_extensions = other.m_v3_extensions;
- }
- return *this;
- }
-
-
/*
* Decode the TBSCertificate data
*/
@@ -128,7 +102,6 @@ void X509_Certificate::force_decode()
if(m_sig_algo != sig_algo_inner)
throw Decoding_Error("Algorithm identifier mismatch");
- m_self_signed = (dn_subject == dn_issuer);
m_subject.add(dn_subject.contents());
m_issuer.add(dn_issuer.contents());
@@ -171,6 +144,9 @@ void X509_Certificate::force_decode()
m_subject.add("X509.Certificate.public_key",
hex_encode(public_key.value));
+ std::unique_ptr<Public_Key> pub_key(subject_public_key());
+ m_self_signed = (dn_subject == dn_issuer) && check_signature(*pub_key);
+
if(m_self_signed && version == 0)
{
m_subject.add("X509v3.BasicConstraints.is_ca", 1);
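Review bot: The added `subject_public_key()` call runs for every certificate, before the DN comparison is consulted, so a certificate whose key cannot be loaded would presumably now fail inside force_decode() even when subject and issuer differ and no signature check is needed. Load the key only on the self-issued path, `if(dn_subject == dn_issuer) { std::unique_ptr<Public_Key> pub_key(subject_public_key()); m_self_signed = check_signature(*pub_key); }`, setting `m_self_signed = false` otherwise. The dereference `*pub_key` also assumes the returned pointer is never null; confirm that subject_public_key() throws rather than returning null. If subject_public_key() reads the `X509.Certificate.public_key` value stored just above, a comment saying these lines must stay after that add would protect the ordering. force_decode() starts and ends outside this hunk.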
diff --git a/src/lib/cert/x509/x509cert.h b/src/lib/cert/x509/x509cert.h
index eb98f9c3d..d64d8fd2b 100644
--- a/src/lib/cert/x509/x509cert.h
+++ b/src/lib/cert/x509/x509cert.h
@@ -274,9 +274,9 @@ class BOTAN_DLL X509_Certificate : public X509_Object
explicit X509_Certificate(const std::vector<byte>& in);
- X509_Certificate(const X509_Certificate& other);
+ X509_Certificate(const X509_Certificate& other) = default;
- X509_Certificate& operator=(const X509_Certificate& other);
+ X509_Certificate& operator=(const X509_Certificate& other) = default;
private:
void force_decode() override;
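Review bot: Declaring the copy constructor and copy assignment, even as `= default`, suppresses the implicitly generated move operations, so moving an X509_Certificate falls back to a copy. Either drop both declarations so the compiler generates copy and move, or add `X509_Certificate(X509_Certificate&&) = default;` and `X509_Certificate& operator=(X509_Certificate&&) = default;` next to them. The class body extends outside this hunk, so whether any member makes a defaulted move unsuitable is not visible here.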
diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp
index 436e27d39..c08b11d42 100644
--- a/src/lib/cert/x509/x509path.cpp
+++ b/src/lib/cert/x509/x509path.cpp
@@ -28,7 +28,8 @@ find_issuing_cert(const X509_Certificate& cert,
const X509_DN issuer_dn = cert.issuer_dn();
const std::vector<byte> auth_key_id = cert.authority_key_id();
- if(const X509_Certificate* c = end_certs.find_cert(issuer_dn, auth_key_id))
+ const X509_Certificate* c = end_certs.find_cert(issuer_dn, auth_key_id);
+ if(c && *c != cert)
return c;
for(size_t i = 0; i != certstores.size(); ++i)
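Review bot: When the single `find_cert` result from end_certs is `cert` itself, the new `*c != cert` test gives up on end_certs, even if it holds a different certificate with the same issuer DN and key id. The exclusion is also applied only to this lookup. The `certstores` loop that starts on the last line of the hunk continues outside it, and if it returns matches unfiltered, a certificate present in a store could still come back as its own issuer. Consider applying the same `*c != cert` comparison there, and documenting the intent here with `// skip cert itself so a self-issued certificate is not returned as its own issuer`.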