author | Damien Miller <djm@mindrot.org> | 2013-02-12 10:56:42 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2013-02-12 10:56:42 +1100 |
commit | 60565bcb5c26f38b9f1c0261c0608751979571d4 (patch) | |
tree | 10887bd8b4e64b17f7c86aafa88d01913306e71b | |
parent | 377d9a44f9c79c4fde96e973392175d5b22eed80 (diff) |
- djm@cvs.openbsd.org 2013/01/25 10:22:19
[krl.c]
redo last commit without the vi-vomit that snuck in:
skip serial lookup when cert's serial number is zero
(now with 100% better comment)
-rw-r--r-- | ChangeLog | 5 |
-rw-r--r-- | krl.c | 9 |
2 files changed, 11 insertions, 3 deletions
@@ -10,6 +10,11 @@ [krl.c] Revert last. Breaks due to likely typo. Let djm@ fix later. ok djm@ via dlg@ + - djm@cvs.openbsd.org 2013/01/25 10:22:19 + [krl.c] + redo last commit without the vi-vomit that snuck in: + skip serial lookup when cert's serial number is zero + (now with 100% better comment) 20130211 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.7 2013/01/25 05:00:27 krw Exp $ */ +/* $OpenBSD: krl.c,v 1.8 2013/01/25 10:22:19 djm Exp $ */ #include "includes.h" @@ -1148,8 +1148,11 @@ is_key_revoked(struct ssh_krl *krl, const Key *key) return -1; } - /* Legacy cert formats lack serial numbers */ - if (key_cert_is_legacy(key)) + /* + * Legacy cert formats lack serial numbers. Zero serials numbers + * are ignored (it's the default when the CA doesn't specify one). + */ + if (key_cert_is_legacy(key) || key->cert->serial == 0) return 0; bzero(&rs, sizeof(rs)); |
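Review bot: In the is_key_revoked() hunk of krl.c, the new `key->cert->serial == 0` test shares the early `return 0` with the legacy-cert case, so a certificate whose CA left the serial at its default of zero exits here as not revoked, before the serial lookup that begins at `bzero(&rs, sizeof(rs))`. The comment should spell out that consequence, for example by saying that serial-based revocation only applies to certificates issued with a non-zero serial, so that anyone maintaining a KRL knows a zero-serial certificate cannot be matched this way. The same comment has a typo: "Zero serials numbers" should read "Zero serial numbers". It is also worth confirming from the code above this hunk that key->cert is always non-NULL when this line is reached, since the condition now dereferences it directly.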