(parent:
d746c24
)
In the PKINIT OpenSSL code, ensure that appropriate certificate fields
author
Greg Hudson
<ghudson@mit.edu>
Wed, 15 Sep 2010 17:10:05 +0000
(17:10 +0000)
committer
Greg Hudson
<ghudson@mit.edu>
Wed, 15 Sep 2010 17:10:05 +0000
(17:10 +0000)
have been set before using ku_reject. Patch from nalin@redhat.com.
ticket: 6775
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24313
dc483132
-0cff-0310-8789-
dd5450dbe970
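--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -2005,6 +2005,7 @@ crypto_check_cert_eku(krb5_context context,
 pkiDebug("%s: found acceptable EKU, checking for digitalSignature\n", __FUNCTION__);
 /* check that digitalSignature KeyUsage is present */
+ X509_check_ca(reqctx->received_cert);
 if ((usage = X509_get_ext_d2i(reqctx->received_cert,
 NID_key_usage, NULL, NULL))) {
@@ -4551,6 +4552,7 @@ check_kus:
 }
 /* Make sure usage exists before checking bits */
+ X509_check_ca(x);
 usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL);
 if (usage) {
 if (!ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))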
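Review bot: The two added `X509_check_ca()` calls, in `crypto_check_cert_eku` and after `check_kus:`, discard their return value and carry no comment, so they read as dead code even though the key-usage check depends on them. Per the commit message they exist so that the certificate fields `ku_reject` reads are set first; the `ku_reject` definition is outside the hunks, so the exact fields are inferred. If a later cleanup removed one as a no-op, the digitalSignature test could run against unset fields and stop being a reliable rejection. I would mark the intent at both sites, e.g. `(void)X509_check_ca(x); /* called only for its side effect: populates the cached extension fields that ku_reject reads */`. Both enclosing functions start and end outside the hunks.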