From c0c59a96f2e2ad5f12fdf531e18028255f5b293a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Thu, 13 Jul 2006 18:22:22 +0000
Subject: [PATCH] Rename HDB-Ext-PKINIT-certificate to HDB-Ext-PKINIT-hash. Add trust anchor to HDB-Ext-PKINIT-acl.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17829 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hdb/hdb.asn1 | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/hdb/hdb.asn1 b/lib/hdb/hdb.asn1
index 34afd6f59..5e8e033e4 100644
--- a/lib/hdb/hdb.asn1
+++ b/lib/hdb/hdb.asn1
@@ -54,10 +54,14 @@ GENERATION ::= SEQUENCE {
 
 HDB-Ext-PKINIT-acl ::= SEQUENCE OF SEQUENCE {
 subject[0] UTF8String,
- issuer[1] UTF8String
+ issuer[1] UTF8String OPTIONAL,
+ anchor[2] UTF8String OPTIONAL
 }
 
-HDB-Ext-PKINIT-certificate ::= SEQUENCE OF OCTET STRING
+HDB-Ext-PKINIT-hash ::= SEQUENCE OF SEQUENCE {
+ digest-type[0] OBJECT IDENTIFIER,
+ digest[1] OCTET STRING
+}
 
 HDB-Ext-Constrained-delegation-acl ::= SEQUENCE OF Principal
 
@@ -82,7 +86,7 @@ HDB-extension ::= SEQUENCE {
 -- be rejected
 data[1] CHOICE {
 pkinit-acl[0] HDB-Ext-PKINIT-acl,
- pkinit-cert[1] HDB-Ext-PKINIT-certificate,
+ pkinit-cert-hash[1] HDB-Ext-PKINIT-hash,
 allowed-to-delegate-to[2] HDB-Ext-Constrained-delegation-acl,
 -- referral-info[3] HDB-Ext-Referrals,
 lm-owf[4] HDB-Ext-Lan-Manager-OWF,
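Review bot: With `issuer[1]` now OPTIONAL and `anchor[2]` added as OPTIONAL in HDB-Ext-PKINIT-acl, an entry that carries only `subject` is valid, and the schema does not say what an absent issuer or anchor means to the code that matches certificates against it. If absence is read as "no constraint" (the matching code is not part of this patch, so that is an assumption), a subject-only entry would accept that subject name from any CA the KDC trusts. I would add a comment above the type that pins down the intended meaning, for example `-- absent issuer/anchor places no constraint on that field; the certificate must still chain to a configured trust anchor`, and that states the string form expected for the three names. HDB-Ext-PKINIT-hash would also benefit from one line saying what `digest` is computed over and that a verifier should reject any `digest-type` it does not accept, as well as a digest whose length does not fit the algorithm.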
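Review bot: `pkinit-cert-hash[1]` reuses context tag [1] of the `data` CHOICE for a value whose encoding is not compatible with the one it replaces: the old `pkinit-cert[1]` was a SEQUENCE OF OCTET STRING, while the new type is a SEQUENCE OF SEQUENCE. A record written under the old definition would presumably fail to decode against the new one, and the surrounding comment suggests that an extension which is flagged mandatory and not understood causes the entry to be rejected. If such records can exist in deployed databases, give the new alternative an unused tag and retire the old one as a comment, the way `referral-info[3]` is kept, e.g. `-- pkinit-cert[1] HDB-Ext-PKINIT-certificate, (retired)`. If none can exist, say so in the commit message. HDB-extension begins and ends outside this hunk, so which tags are free cannot be seen here.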