author | djm@openbsd.org <djm@openbsd.org> | 2015-07-03 03:43:18 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-07-15 15:35:09 +1000 |
commit | c28fc62d789d860c75e23a9fa9fb250eb2beca57 (patch) | |
tree | 9b540db8aed167256bb61cd9df90dbedb31cc79d /krl.c | |
parent | 564d63e1b4a9637a209d42a9d49646781fc9caef (diff) |
upstream commit
delete support for legacy v00 certificates; "sure"
markus@ dtucker@
Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
Diffstat (limited to 'krl.c')
-rw-r--r-- | krl.c | 10 |
1 files changed, 5 insertions, 5 deletions
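--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 
-/* $OpenBSD: krl.c,v 1.32 2015/06/24 23:47:23 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.33 2015/07/03 03:43:18 djm Exp $ */
 
 #include "includes.h"
 
@@ -429,7 +429,7 @@ ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key)
 if (!sshkey_is_cert(key))
 return ssh_krl_revoke_key_sha1(krl, key);
 
-if (sshkey_cert_is_legacy(key) || key->cert->serial == 0) {
+if (key->cert->serial == 0) {
 return ssh_krl_revoke_cert_by_key_id(krl,
 key->cert->signature_key,
 key->cert->key_id);
@@ -1180,10 +1180,10 @@ is_cert_revoked(const struct sshkey *key, struct revoked_certs *rc)
 }
 
 /*
-* Legacy cert formats lack serial numbers. Zero serials numbers
-* are ignored (it's the default when the CA doesn't specify one).
+* Zero serials numbers are ignored (it's the default when the
+* CA doesn't specify one).
 */
-if (sshkey_cert_is_legacy(key) || key->cert->serial == 0)
+if (key->cert->serial == 0)
 return 0;
 
 memset(&rs, 0, sizeof(rs));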
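Review bot: The rewritten comment at new lines 1183-1184 of is_cert_revoked keeps the typo "Zero serials numbers", and it does not say what the early `return 0` means for revocation. With the legacy sentence gone, this is the only place that explains why a certificate with serial 0 is never matched against the serial lists, so it should say so, for example `Zero serial numbers are ignored: zero is the default when the CA doesn't specify one, so it cannot identify a single certificate.` The hunk at line 432 shows the matching rule on the write side, where ssh_krl_revoke_key falls back to `ssh_krl_revoke_cert_by_key_id` for serial 0. A second sentence could therefore note that such certificates can only be revoked by key ID or by key. is_cert_revoked starts before this hunk, so whether a key-ID lookup runs before the early return cannot be confirmed from here.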