summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog5
-rw-r--r--krl.c9
2 files changed, 11 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 4f8fe9713..428a93ddb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,11 @@
10 [krl.c] 10 [krl.c]
11 Revert last. Breaks due to likely typo. Let djm@ fix later. 11 Revert last. Breaks due to likely typo. Let djm@ fix later.
12 ok djm@ via dlg@ 12 ok djm@ via dlg@
13 - djm@cvs.openbsd.org 2013/01/25 10:22:19
14 [krl.c]
15 redo last commit without the vi-vomit that snuck in:
16 skip serial lookup when cert's serial number is zero
17 (now with 100% better comment)
13 18
1420130211 1920130211
15 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old 20 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
diff --git a/krl.c b/krl.c
index 6d86c2097..e4e1788f4 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */ 15 */
16 16
17/* $OpenBSD: krl.c,v 1.7 2013/01/25 05:00:27 krw Exp $ */ 17/* $OpenBSD: krl.c,v 1.8 2013/01/25 10:22:19 djm Exp $ */
18 18
19#include "includes.h" 19#include "includes.h"
20 20
@@ -1148,8 +1148,11 @@ is_key_revoked(struct ssh_krl *krl, const Key *key)
1148 return -1; 1148 return -1;
1149 } 1149 }
1150 1150
1151 /* Legacy cert formats lack serial numbers */ 1151 /*
1152 if (key_cert_is_legacy(key)) 1152 * Legacy cert formats lack serial numbers. Zero serials numbers
1153 * are ignored (it's the default when the CA doesn't specify one).
1154 */
1155 if (key_cert_is_legacy(key) || key->cert->serial == 0)
1153 return 0; 1156 return 0;
1154 1157
1155 bzero(&rs, sizeof(rs)); 1158 bzero(&rs, sizeof(rs));
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-02 20:36:26 +0000