Drop cached certificate signature validity flag

It seems risky in the context of cross-signed certificates when the same certificate might have multiple potential issuers. Also rarely used, since chains in OpenSSL typically only employ self-signed trust-anchors, whose self-signatures are not checked, while untrusted certificates are generally ephemeral. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
author: Viktor Dukhovni <openssl-users@dukhovni.org> 2016-01-17 02:33:14 -0500
committer: Viktor Dukhovni <openssl-users@dukhovni.org> 2016-01-18 13:20:48 -0500
commit: 0e76014e584ba78ef1d6ecb4572391ef61c4fb51 (patch)
tree: 7f12b477dda49ed717ab35a38e81f39f019f6a02 /crypto/x509/x_x509.c
parent: 86334b6a61b35a3f3d487cc0eb74ac1aff79d185 (diff)
download: openssl-new-0e76014e584ba78ef1d6ecb4572391ef61c4fb51.tar.gz
1 files changed, 0 insertions, 1 deletions
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 47333217e7..53a5eb77f9 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -90,7 +90,6 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
     switch (operation) {
 
     case ASN1_OP_NEW_POST:
-        ret->valid = 0;
         ret->name = NULL;
         ret->ex_flags = 0;
         ret->ex_pathlen = -1;
author	Viktor Dukhovni <openssl-users@dukhovni.org>	2016-01-17 02:33:14 -0500
committer	Viktor Dukhovni <openssl-users@dukhovni.org>	2016-01-18 13:20:48 -0500
commit	0e76014e584ba78ef1d6ecb4572391ef61c4fb51 (patch)
tree	7f12b477dda49ed717ab35a38e81f39f019f6a02 /crypto/x509/x_x509.c
parent	86334b6a61b35a3f3d487cc0eb74ac1aff79d185 (diff)
download	openssl-new-0e76014e584ba78ef1d6ecb4572391ef61c4fb51.tar.gz