Commit 5a55913f10 for openssl.org

commit 5a55913f10e9fe8686c82778810aa6b7d5335e4d
Author: Bob Beck <beck@openssl.org>
Date:   Fri May 22 04:10:37 2026 -0600

    Don't attempt to check the security level on what signed our own certificate.

    What matters to us is that the key *we* are using matches our desired
    security level, as we may sign things with that key. As far as who
    signed us, this could be signed by something we don't recognize at all,
    and it is up to the peer to decide if the thing signing us matters to
    it (i.e. if it recognizes the algorithm, decides it's strong enough,
    or it even verifies the signature, as it might already trust our key
    due to pinning, TOFU, Prayer and Clean Living, or whatever.)

    Obviously, we still check the security level on any signatures *we*
    receive to verify *from* a peer.

    Fixes: https://github.com/openssl/openssl/issues/31195

    Reviewed-by: Neil Horman <nhorman@openssl.org>
    Reviewed-by: Norbert Pocs <norbertp@openssl.org>
    MergeDate: Tue Jun 30 10:47:09 2026
    (Merged from https://github.com/openssl/openssl/pull/31271)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 01fcdefe1e..df3db34125 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -4585,26 +4585,6 @@ static int ssl_security_cert_key(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x,
         return ssl_ctx_security(ctx, op, secbits, 0, x);
 }

-static int ssl_security_cert_sig(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x,
-    int op)
-{
-    /* Lookup signature algorithm digest */
-    int secbits, nid, pknid;
-
-    /* Don't check signature if self signed */
-    if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
-        return 1;
-    if (!X509_get_signature_info(x, &nid, &pknid, &secbits, NULL))
-        secbits = -1;
-    /* If digest NID not defined use signature NID */
-    if (nid == NID_undef)
-        nid = pknid;
-    if (s != NULL)
-        return ssl_security(s, op, secbits, nid, x);
-    else
-        return ssl_ctx_security(ctx, op, secbits, nid, x);
-}
-
 int ssl_security_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x, int is_ee)
 {
     if (is_ee) {
@@ -4614,15 +4594,16 @@ int ssl_security_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x, int is_ee)
         if (!ssl_security_cert_key(s, ctx, x, SSL_SECOP_CA_KEY))
             return SSL_R_CA_KEY_TOO_SMALL;
     }
-    if (!ssl_security_cert_sig(s, ctx, x, SSL_SECOP_CA_MD))
-        return SSL_R_CA_MD_TOO_WEAK;
     return 1;
 }

 /*
- * Check security of a chain, if |sk| includes the end entity certificate then
- * |x| is NULL. If |vfy| is 1 then we are verifying a peer chain and not sending
- * one to the peer. Return values: 1 if ok otherwise error code to use
+ * Call ssl_security_check() on all certificates in a stack.
+ * If |x| is non NULL it is checked first, before checking the
+ * certificates in the stack.
+ *
+ * Return values: 1 if ok otherwise the error code from the first
+ * failing ssl_security_check().;
  */

 int ssl_security_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk,
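Review bot: With the `SSL_SECOP_CA_MD` call removed, `ssl_security_cert()` no longer checks the signature digest level for any caller, which presumably includes the peer-verification case the old chain comment described (`|vfy|` is 1), although the commit message says signatures received from a peer are still checked. Nothing in the visible hunks shows where that check now happens, so the new comment should say so, for example `* Signature strength of a peer chain is not checked here; see <function that enforces it>.` A security callback that filtered on `SSL_SECOP_CA_MD` would presumably stop being invoked from this path, which merits a changelog entry and a regression test that a weak-digest peer chain is still rejected. The new comment also names `ssl_security_check()` where the function in this hunk is `ssl_security_cert()`, no longer documents `|vfy|`, and ends in a stray `.;`. The signature and body of `ssl_security_cert_chain` continue outside the hunk, so whether `|vfy|` is still used cannot be confirmed from here.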