From df1cda345f1cd60a13f4497e34a468b62f128a6f Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sun, 25 Jan 2015 18:52:11 -0500 Subject: [PATCH] Use inner algorithm when printing certificate. (Imported from upstream's 004efdbb41f731d36bf12d251909aaa08704a756.) The outer algorithm is already printed at the bottom of the function. This allows any tools which print the X509 this way to determine if there is a mismatch. This is also the point where the TBSCertificate is printed, not the Certificate. See upstream's RT #3665. Change-Id: I89baa4e4b626abf8813545a90eaa4409489ad893 Reviewed-on: https://boringssl-review.googlesource.com/3022 Reviewed-by: Adam Langley --- crypto/x509/t_x509.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 75034b75..2b9a4216 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -160,16 +160,8 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) if(!(cflag & X509_FLAG_NO_SIGNAME)) { - if(X509_signature_print(bp, x->sig_alg, NULL) <= 0) + if (X509_signature_print(bp, ci->signature, NULL) <= 0) goto err; -#if 0 - if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) - goto err; - if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) - goto err; - if (BIO_puts(bp, "\n") <= 0) - goto err; -#endif } if(!(cflag & X509_FLAG_NO_ISSUER))