]> git.ipfire.org Git - thirdparty/FORT-validator.git/commitdiff
projects / thirdparty / FORT-validator.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 81885ce)
Call X509_ALGOR_get0() instead of dereferencing ASN1_OBJECT
authorAlberto Leiva Popper <ydahhrk@gmail.com>
Tue, 3 Oct 2023 17:17:21 +0000 (11:17 -0600)
committerAlberto Leiva Popper <ydahhrk@gmail.com>
Tue, 3 Oct 2023 17:17:21 +0000 (11:17 -0600)
Seems to be the formal way of doing it.

src/algorithm.c patch | blob | blame | history

diff --git a/src/algorithm.c b/src/algorithm.c
index f5199bdb953c71dc52729cde5ff16c9a92e7329c..fb8d0f638dafbac5ec5a950b25fb48bee38316ae 100644 (file)
--- a/src/algorithm.c
+++ b/src/algorithm.c
@@ -37,14 +37,17 @@ validate_certificate_signature_algorithm(int nid, char const *what)
 int
 validate_certificate_public_key_algorithm(X509_ALGOR *pa)
 {
+       ASN1_OBJECT const *algorithm;
        int nid;
 
+       X509_ALGOR_get0(&algorithm, NULL, NULL, pa);
+
        /*
         * RFC says sha256WithRSAEncryption, but current IETF concensus (and
         * practice) say that the right one is rsaEncryption.
         * https://mailarchive.ietf.org/arch/browse/sidr/
         */
-       nid = OBJ_obj2nid(pa->algorithm);
+       nid = OBJ_obj2nid(algorithm);
        if (nid == NID_rsaEncryption)
                return 0;
 
Mirror of https://github.com/NICMx/FORT-validator.git