oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(verify_crl): handle with the signer is the CRLsigner (shortjcut).

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21861 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-08-08 10:26:22 +00:00
parent 0836763de3
commit 321ab99443
1 changed files with 18 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
lib/hx509/revoke.c
View File

@@ -405,13 +405,24 @@ verify_crl(hx509_context context,
_hx509_query_clear(&q);
q.match = HX509_QUERY_MATCH_SUBJECT_NAME;
q.match |= HX509_QUERY_KU_CRLSIGN;
q.subject_name = &crl->tbsCertList.issuer;
ret = hx509_certs_find(context, certs, &q, &signer);
if (ret)
return ret;
/*
* If its the signer have CRLSIGN bit set, use that as the signer
* cert for the certificate, otherwise, search for a certificate.
*/
if (_hx509_check_key_usage(context, parent, 1 << 6, FALSE) == 0) {
signer = hx509_cert_ref(parent);
} else {
q.match = HX509_QUERY_MATCH_SUBJECT_NAME;
q.match |= HX509_QUERY_KU_CRLSIGN;
q.subject_name = &crl->tbsCertList.issuer;
ret = hx509_certs_find(context, certs, &q, &signer);
if (ret) {
hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
"Failed to find certificate for CRL");
return ret;
}
}
ret = _hx509_verify_signature_bitstring(context,
_hx509_get_cert(signer),