From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 9 Apr 2014 13:28:54 +0000 (+0200)
Subject: x509: Don't include authKeyIdentifier in self-signed certificates
X-Git-Tag: 5.1.3~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7d04ba6c462911d16948a9229f2fa8192c7d20c;p=thirdparty%2Fstrongswan.git

x509: Don't include authKeyIdentifier in self-signed certificates

As the comment indicates this was the intention in
d7be2906433a7dcfefc1fd732587865688dbfe1b all along.
---

diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index cdffd348b7..9fd869e779 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -2174,7 +2174,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
 	}
 
 	/* add the keyid authKeyIdentifier for non self-signed certificates */
-	if (sign_key)
+	if (sign_cert)
 	{
 		chunk_t keyid;