diff options
| author | David Howells <dhowells@redhat.com> | 2015-07-20 21:16:26 +0100 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2015-08-07 16:26:13 +0100 |
| commit | 73e55e8c4c4a2635c5630733beffe872177511a5 (patch) | |
| tree | 8cfc4e3471fcba5eb615562012f5a7304e4ad336 /crypto/asymmetric_keys/pkcs7_trust.c | |
| parent | 2d361b75fadcca0a45fc1dccc96c3c74ce80dd6c (diff) | |
| download | linux-crypto-73e55e8c4c4a2635c5630733beffe872177511a5.tar.gz linux-crypto-73e55e8c4c4a2635c5630733beffe872177511a5.zip | |
X.509: Extract both parts of the AuthorityKeyIdentifier
Extract both parts of the AuthorityKeyIdentifier, not just the keyIdentifier,
as the second part can be used to match X.509 certificates by issuer and
serialNumber.
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Vivek Goyal <vgoyal@redhat.com>
Diffstat (limited to 'crypto/asymmetric_keys/pkcs7_trust.c')
| -rw-r--r-- | crypto/asymmetric_keys/pkcs7_trust.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c index 1d293760..0f6463b6 100644 --- a/crypto/asymmetric_keys/pkcs7_trust.c +++ b/crypto/asymmetric_keys/pkcs7_trust.c @@ -85,8 +85,8 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7, /* No match - see if the root certificate has a signer amongst the * trusted keys. */ - if (last && last->authority) { - key = x509_request_asymmetric_key(trust_keyring, last->authority, + if (last && last->akid_skid) { + key = x509_request_asymmetric_key(trust_keyring, last->akid_skid, false); if (!IS_ERR(key)) { x509 = last; |