-rw-r--r-- | rcynic/rcynic.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/rcynic/rcynic.c b/rcynic/rcynic.c
index 17b1493b..d22e95d4 100644
--- a/rcynic/rcynic.c
+++ b/rcynic/rcynic.c
@@ -2891,6 +2891,7 @@ static int check_aki(rcynic_ctx_t *rc,
 if (ASN1_OCTET_STRING_cmp(aki->keyid, issuer->skid)) {
 log_validation_status(rc, uri, aki_extension_issuer_mismatch, generation);
+ return 0;
 }
 return 1;
@@ -3513,11 +3514,6 @@ static int check_x509(rcynic_ctx_t *rc,
 goto done;
 }
- if ((issuer_pkey = X509_get_pubkey(w->cert)) == NULL || X509_verify(x, issuer_pkey) <= 0) {
- log_validation_status(rc, uri, certificate_bad_signature, generation);
- goto done;
- }
-
 if (x->akid) {
 ex_count--;
 if (!check_aki(rc, uri, w->cert, x->akid, generation))
@@ -3529,6 +3525,11 @@ static int check_x509(rcynic_ctx_t *rc,
 goto done;
 }
+ if ((issuer_pkey = X509_get_pubkey(w->cert)) == NULL || X509_verify(x, issuer_pkey) <= 0) {
+ log_validation_status(rc, uri, certificate_bad_signature, generation);
+ goto done;
+ }
+
 if (certinfo->ta) {
 if (certinfo->crldp.s[0]) { |
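Review bot: The added `return 0;` in check_aki makes an AKI keyid / issuer SKI mismatch a rejection rather than a logged-only event, yet the comparison feeding it, `ASN1_OCTET_STRING_cmp(aki->keyid, issuer->skid)`, has no NULL guard visible in this hunk. If either field can be absent here, a malformed certificate would cause a NULL dereference. The body of check_aki starts above the hunk, so an earlier check may already cover this and should be confirmed. A short comment above the `if`, such as `/* AKI keyid must equal issuer SKI; a mismatch is fatal */`, would record that the hard failure is intentional.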
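Review bot: With the signature check moved below the AKI block in check_x509 (removed in the hunk at -3513, re-added here), the code between the old and new positions now runs on a certificate whose signature has not been verified. Only `goto done; }` of that code is visible, so confirm it is read-only validation that caches nothing and changes no state. A comment at the new location would make the ordering deliberate, for example `/* Verify signature after AKI so a wrong-issuer cert is reported as an AKI mismatch */` (intent inferred from the companion change to check_aki). Separately, `X509_verify(x, issuer_pkey) <= 0` and a NULL from `X509_get_pubkey` are both logged as certificate_bad_signature, which fails closed but makes an internal error look like a real signature failure. `X509_get_pubkey` returns a reference the caller owns, so the `done:` path, outside this hunk, presumably needs `EVP_PKEY_free(issuer_pkey)`.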