]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
projects / thirdparty / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7d1f221)
openssl: Only allow certificates with cRLSign keyUsage to sign CRLs
authorTobias Brunner <tobias@strongswan.org>
Wed, 22 Feb 2023 16:21:15 +0000 (17:21 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 21 Mar 2023 15:34:14 +0000 (16:34 +0100)
src/libstrongswan/plugins/openssl/openssl_crl.c patch | blob | blame | history

diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 92f0ab481d57fe9ea496a114c37d26a17d4deeae..907a5fb2a3b7d097b40b7468f8afd2219c232220 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -303,7 +303,7 @@ METHOD(certificate_t, issued_by, bool,
                return FALSE;
        }
        x509 = (x509_t*)issuer;
-       if (!(x509->get_flags(x509) & (X509_CA | X509_CRL_SIGN)))
+       if (!(x509->get_flags(x509) & X509_CRL_SIGN))
        {
                return FALSE;
        }
Unnamed repository; edit this file 'description' to name the repository.