upstream commit

delete support for legacy v00 certificates; "sure" markus@ dtucker@ Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
author: djm@openbsd.org <djm@openbsd.org> 2015-07-03 03:43:18 +0000
committer: Damien Miller <djm@mindrot.org> 2015-07-15 15:35:09 +1000
commit: c28fc62d789d860c75e23a9fa9fb250eb2beca57 (patch)
tree: 9b540db8aed167256bb61cd9df90dbedb31cc79d /krl.c
parent: 564d63e1b4a9637a209d42a9d49646781fc9caef (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/krl.c b/krl.c
index a98252ef8..4075df853 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-/* $OpenBSD: krl.c,v 1.32 2015/06/24 23:47:23 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.33 2015/07/03 03:43:18 djm Exp $ */
 #include "includes.h"
@@ -429,7 +429,7 @@ ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key)
        if (!sshkey_is_cert(key))
                return ssh_krl_revoke_key_sha1(krl, key);
-        if (sshkey_cert_is_legacy(key) || key->cert->serial == 0) {
+        if (key->cert->serial == 0) {
                return ssh_krl_revoke_cert_by_key_id(krl,
                    key->cert->signature_key,
                    key->cert->key_id);
@@ -1180,10 +1180,10 @@ is_cert_revoked(const struct sshkey *key, struct revoked_certs *rc)
        }
        /*
-         * Legacy cert formats lack serial numbers. Zero serials numbers
+         * Zero serials numbers are ignored (it's the default when the
-         * are ignored (it's the default when the CA doesn't specify one).
+         * CA doesn't specify one).
         */
-        if (sshkey_cert_is_legacy(key) || key->cert->serial == 0)
+        if (key->cert->serial == 0)
                return 0;
        memset(&rs, 0, sizeof(rs));
author	djm@openbsd.org <djm@openbsd.org>	2015-07-03 03:43:18 +0000
committer	Damien Miller <djm@mindrot.org>	2015-07-15 15:35:09 +1000
commit	c28fc62d789d860c75e23a9fa9fb250eb2beca57 (patch)
tree	9b540db8aed167256bb61cd9df90dbedb31cc79d /krl.c
parent	564d63e1b4a9637a209d42a9d49646781fc9caef (diff)

diff --git a/krl.c b/krl.c index a98252ef8..4075df853 100644 --- a/krl.c +++ b/krl.c
@@ -14,7 +14,7 @@
14	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	14	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15	*/	15	*/
16		16
17	/* $OpenBSD: krl.c,v 1.32 2015/06/24 23:47:23 djm Exp $ */	17	/* $OpenBSD: krl.c,v 1.33 2015/07/03 03:43:18 djm Exp $ */
18		18
19	#include "includes.h"	19	#include "includes.h"
20		20
@@ -429,7 +429,7 @@ ssh_krl_revoke_key(struct ssh_krl krl, const struct sshkey key)
429	if (!sshkey_is_cert(key))	429	if (!sshkey_is_cert(key))
430	return ssh_krl_revoke_key_sha1(krl, key);	430	return ssh_krl_revoke_key_sha1(krl, key);
431		431
432	if (sshkey_cert_is_legacy(key) \|\| key->cert->serial == 0) {	432	if (key->cert->serial == 0) {
433	return ssh_krl_revoke_cert_by_key_id(krl,	433	return ssh_krl_revoke_cert_by_key_id(krl,
434	key->cert->signature_key,	434	key->cert->signature_key,
435	key->cert->key_id);	435	key->cert->key_id);
@@ -1180,10 +1180,10 @@ is_cert_revoked(const struct sshkey key, struct revoked_certs rc)
1180	}	1180	}
1181		1181
1182	/*	1182	/*
1183	* Legacy cert formats lack serial numbers. Zero serials numbers	1183	* Zero serials numbers are ignored (it's the default when the
1184	* are ignored (it's the default when the CA doesn't specify one).	1184	* CA doesn't specify one).
1185	*/	1185	*/
1186	if (sshkey_cert_is_legacy(key) \|\| key->cert->serial == 0)	1186	if (key->cert->serial == 0)
1187	return 0;	1187	return 0;
1188		1188
1189	memset(&rs, 0, sizeof(rs));	1189	memset(&rs, 0, sizeof(rs));