x509: Don't include authKeyIdentifier in self-signed certificates

As the comment indicates this was the intention in
d7be2906433a7dcfefc1fd732587865688dbfe1b all along.

diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index cdffd348b7c700739e4784f931157055e4102f4a..9fd869e7794d8565cf4bc20d23e024d666dff972 100644 (file)
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -2174,7 +2174,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
        }
 
        /* add the keyid authKeyIdentifier for non self-signed certificates */
-       if (sign_key)
+       if (sign_cert)
        {
                chunk_t keyid;