GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-06-26 00:21:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

PKCS#7: Make trust determination dependent on contents of trust keyring

Browse source 
Make the determination of the trustworthiness of a key dependent on whether
a key that can verify it is present in the supplied ring of trusted keys
rather than whether or not the verifying key has KEY_FLAG_TRUSTED set.

verify_pkcs7_signature() will return -ENOKEY if the PKCS#7 message trust
chain cannot be verified.

Signed-off-by: David Howells <dhowells@redhat.com>
This commit is contained in:
David Howells 2016-04-06 16:14:24 +01:00
parent e68503bd68
commit bda850cd21
9 changed files with 11 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

1
crypto/asymmetric_keys/x509_parser.h
View file

@ -39,7 +39,6 @@ struct x509_certificate {
unsigned index;
bool seen; /* Infinite recursion prevention */
bool verified;
bool trusted;
bool self_signed; /* T if self-signed (check unsupported_sig too) */
bool unsupported_key; /* T if key uses unsupported crypto */
bool unsupported_sig; /* T if signature uses unsupported crypto */