upstream commit
fix KRL generation when multiple CAs are in use We would generate an invalid KRL when revoking certs by serial number for multiple CA keys due to a section being written out twice. Also extend the regress test to catch this case by having it produce a multi-CA KRL. Reported by peter AT pean.org
This commit is contained in:
parent
da8af83d3f
commit
9f9fad0191
3
krl.c
3
krl.c
|
@ -14,7 +14,7 @@
|
|||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $OpenBSD: krl.c,v 1.17 2014/06/24 01:13:21 djm Exp $ */
|
||||
/* $OpenBSD: krl.c,v 1.18 2014/11/17 00:21:40 djm Exp $ */
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
|
@ -686,6 +686,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, Buffer *buf, const Key **sign_keys,
|
|||
|
||||
/* Store sections for revoked certificates */
|
||||
TAILQ_FOREACH(rc, &krl->revoked_certs, entry) {
|
||||
buffer_clear(§);
|
||||
if (revoked_certs_generate(rc, §) != 0)
|
||||
goto out;
|
||||
buffer_put_char(buf, KRL_SECTION_CERTIFICATES);
|
||||
|
|
Loading…
Reference in New Issue