git.ipfire.org Git - thirdparty/FORT-validator.git/commit
Verify the signature on a self-signed TA cert against its own pubkey 138/head
author Job Snijders <job@sobornost.net>
Fri, 7 Jun 2024 17:09:44 +0000 (17:09 +0000)
committer Job Snijders <job@sobornost.net>
Fri, 7 Jun 2024 17:31:08 +0000 (17:31 +0000)
commit 5b707aa041348856d58a7a27992ee4d5a5f43551
tree 9229ed96f7111f510905add69f86038150040a76
parent cdf9248f87a93f710f3df710bebe13a159483798
Verify the signature on a self-signed TA cert against its own pubkey

X509_verify_cert() doesn't check the purported root certificate itself
unless X509_V_FLAG_CHECK_SS_SIGNATURE is set.

The pubkey was compared against the TAL, so check that the signature is
right as required by RFC 6487, section 7, additional condition 1,
applied to self-issued certs.

The error check looks weird, but OpenSSL 3 broke yet another API.

With help from Theo Buehler and Claudio Jeker
src/object/certificate.c
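
The behaviour the commit message describes can be reproduced with the openssl command-line tool, whose `-check_ss_sig` option sets X509_V_FLAG_CHECK_SS_SIGNATURE. This is an added example, not code from the commit or from FORT-validator; the throwaway certificate, its subject name and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: constructed throwaway certificate, not FORT-validator code.

# Create a self-signed cert ($1/ta.pem) and a copy of it whose
# signature has one bit flipped ($1/bad.pem).
make_certs() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-test-TA" \
        -keyout "$dir/key.pem" -out "$dir/ta.pem" 2>/dev/null || return 1
    openssl x509 -in "$dir/ta.pem" -outform DER -out "$dir/ta.der" || return 1
    # A DER certificate ends with the signature BIT STRING, so the last
    # byte of the file is the last byte of the signature.
    size=$(wc -c < "$dir/ta.der" | tr -dc '0-9')
    last=$(tail -c 1 "$dir/ta.der" | od -An -tu1 | tr -dc '0-9')
    flipped=$(( last ^ 1 ))
    {
        head -c $(( size - 1 )) "$dir/ta.der"
        printf "\\$(printf '%03o' "$flipped")"
    } > "$dir/bad.der"
    openssl x509 -inform DER -in "$dir/bad.der" -out "$dir/bad.pem"
}

# Verify a cert with itself as the trust anchor, default flags:
# the self-signature of the root is not checked.
verify_default() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Same, with X509_V_FLAG_CHECK_SS_SIGNATURE set via -check_ss_sig.
verify_check_ss_sig() {
    openssl verify -check_ss_sig -CAfile "$1" "$1" >/dev/null 2>&1
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_certs "$tmp" || return 1
    for f in ta.pem bad.pem; do
        if verify_default "$tmp/$f"; then d=accepted; else d=rejected; fi
        if verify_check_ss_sig "$tmp/$f"; then s=accepted; else s=rejected; fi
        echo "$f: default=$d check_ss_sig=$s"
    done
    rm -rf "$tmp"
}
demo
```

Only the `-check_ss_sig` run rejects `bad.pem`; in both runs the public key is unchanged, so a key comparison alone (such as the TAL check the commit message mentions) does not notice the corrupted signature.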