diff options
author | Damien Miller <djm@mindrot.org> | 2013-02-12 10:54:54 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2013-02-12 10:54:54 +1100 |
commit | 6045f5d5748582dff473934d760cf0e7e892da8b (patch) | |
tree | 0dbceeee28084e98c72c1dc5a6f9fa326934ccc4 | |
parent | ea078462ea9b6efec982dce999ffa47ca1055077 (diff) |
- djm@cvs.openbsd.org 2013/01/24 22:08:56
[krl.c]
skip serial lookup when cert's serial number is zero
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | krl.c | 4 |
2 files changed, 5 insertions, 2 deletions
@@ -3,6 +3,9 @@ - djm@cvs.openbsd.org 2013/01/24 21:45:37 [krl.c] fix handling of (unused) KRL signatures; skip string in correct buffer + - djm@cvs.openbsd.org 2013/01/24 22:08:56 + [krl.c] + skip serial lookup when cert's serial number is zero 20130211 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.5 2013/01/24 21:45:37 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.6 2013/01/24 22:08:56 djm Exp $ */ #include "includes.h" @@ -1149,7 +1149,7 @@ is_key_revoked(struct ssh_krl *krl, const Key *key) } /* Legacy cert formats lack serial numbers */ - if (key_cert_is_legacy(key)) + if (key_cert_is_legacy(key) || key->cert->serial == buf0) return 0; bzero(&rs, sizeof(rs)); |