git.ipfire.org Git - thirdparty/strongswan.git/commit
x509: Use subjectKeyIdentifier provided by issuer cert when checking CRL issuer
author: Tobias Brunner <tobias@strongswan.org>
Thu, 18 Dec 2014 08:13:38 +0000 (09:13 +0100)
committer: Tobias Brunner <tobias@strongswan.org>
Fri, 6 Mar 2015 15:49:12 +0000 (16:49 +0100)
commit: 6133770db4d827ee5834a96b81627875811c6eab
tree: 4b66c438ccbeed003135f78c21a28f568dc2e52f
parent: 96e6130537df9d0388e73ba35e1984310b3a8653

Some CAs don't use SHA-1 hashes of the public key as subjectKeyIdentifier and
authorityKeyIdentifier.  If that's the case we can't force the
calculation of the hash to compare that to authorityKeyIdentifier in the CRL;
instead we use the subjectKeyIdentifier stored in the issuer certificate, if
available.  Otherwise, we fall back to the SHA-1 hash (or comparing the
DNs) as before.
src/libstrongswan/plugins/x509/x509_crl.c
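
The matching rule described in the commit message, as an added Python sketch that is not strongSwan's code: `IssuerCert`, `Crl` and the function names are hypothetical stand-ins, the sample data is constructed, and the "forced SHA-1" variant is a simplified model of the earlier behaviour as the message describes it.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass
class IssuerCert:
    """Hypothetical stand-in for a parsed CA certificate."""
    subject_dn: str
    public_key: bytes            # subjectPublicKey bytes
    ski: Optional[bytes] = None  # subjectKeyIdentifier extension, if present


@dataclass
class Crl:
    """Hypothetical stand-in for a parsed CRL."""
    issuer_dn: str
    aki: Optional[bytes] = None  # authorityKeyIdentifier keyIdentifier, if present


def sha1_key_id(public_key: bytes) -> bytes:
    return hashlib.sha1(public_key).digest()


def issuer_matches_forced_sha1(crl: Crl, cert: IssuerCert) -> bool:
    """Always recompute the SHA-1 key id; compare DNs if the CRL has no AKI."""
    if crl.aki is not None:
        return crl.aki == sha1_key_id(cert.public_key)
    return crl.issuer_dn == cert.subject_dn


def issuer_matches(crl: Crl, cert: IssuerCert) -> bool:
    """Prefer the SKI stored in the issuer cert, else SHA-1, else DN comparison.

    A match only selects the candidate issuer; the CRL signature must still
    be verified with that certificate's public key.
    """
    if crl.aki is not None:
        key_id = cert.ski if cert.ski is not None else sha1_key_id(cert.public_key)
        return crl.aki == key_id
    return crl.issuer_dn == cert.subject_dn


# Constructed sample data: a CA whose key id is a truncated SHA-256, not SHA-1.
KEY = b"constructed-ca-public-key"
CUSTOM_ID = hashlib.sha256(KEY).digest()[:20]
ca_custom = IssuerCert("CN=Example CA", KEY, ski=CUSTOM_ID)
ca_no_ski = IssuerCert("CN=Example CA", KEY)
crl_custom = Crl("CN=Example CA", aki=CUSTOM_ID)
crl_sha1 = Crl("CN=Example CA", aki=sha1_key_id(KEY))
crl_no_aki = Crl("CN=Example CA")
```

With the constructed CA above, `issuer_matches_forced_sha1(crl_custom, ca_custom)` rejects the CA's own CRL, while `issuer_matches` accepts it and still handles the SHA-1 and DN-only cases.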