From 3739d7925e15009b8e0dad514947f5da7053cb08 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb"
Date: Wed, 16 Oct 2024 20:57:54 +0200
Subject: [PATCH] x509_trust.c: extend trust_compat() to allow for id-alg-noSignature as alternative to self-signed
---
 crypto/x509/x509_trust.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/x509/x509_trust.c b/crypto/x509/x509_trust.c
index 1a4345f2fec0a2..9a18827ca2d188 100644
--- a/crypto/x509/x509_trust.c
+++ b/crypto/x509/x509_trust.c
@@ -241,7 +241,9 @@ static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
 /* Call for side-effect of setting EXFLAG_SS for self-signed-certs */
 if (X509_check_purpose(x, -1, 0) != 1)
 return X509_TRUST_UNTRUSTED;
- if ((flags & X509_TRUST_NO_SS_COMPAT) == 0 && (x->ex_flags & EXFLAG_SS))
+ if ((flags & X509_TRUST_NO_SS_COMPAT) == 0
+ && ((x->ex_flags & EXFLAG_SS)
+ || OBJ_obj2nid(x->sig_alg.algorithm) == NID_id_alg_noSignature))
 return X509_TRUST_TRUSTED;
 else
 return X509_TRUST_UNTRUSTED;
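Review bot: The new `||` branch returns X509_TRUST_TRUSTED on an OID match alone: any certificate whose outer `sig_alg.algorithm` maps to `NID_id_alg_noSignature` now passes, whereas the self-signed case depends on EXFLAG_SS having been computed by X509_check_purpose(). Nothing in the hunk shows which callers reach trust_compat() or that they only pass certificates taken from the trust store, so that precondition should be stated next to the condition, e.g. `/* id-alg-noSignature certs carry no verifiable signature; treat like self-signed, i.e. trusted only when found in the trust store */` (wording to be confirmed against the callers). The comment above the X509_check_purpose() call, and any documentation of X509_TRUST_NO_SS_COMPAT, still speak only of self-signed certificates although the flag now also disables this second case. The patch touches only x509_trust.c, so a test covering a no-signature certificate with and without X509_TRUST_NO_SS_COMPAT would be worth adding; trust_compat() starts and ends outside the hunk.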