X.509: Extract both parts of the AuthorityKeyIdentifier

Extract both parts of the AuthorityKeyIdentifier, not just the keyIdentifier, as the second part can be used to match X.509 certificates by issuer and serialNumber. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Vivek Goyal <vgoyal@redhat.com>
author: David Howells <dhowells@redhat.com> 2015-07-20 21:16:26 +0100
committer: David Howells <dhowells@redhat.com> 2015-08-07 16:26:13 +0100
commit: b92e6570a992c7d793a209db282f68159368201c (patch)
tree: 37f9f533b4d28508fca8c1f6c1229c0182d47acc /crypto/asymmetric_keys/pkcs7_trust.c
parent: c05cae9a58dca6dcbc6e66b228a9589c6b60880c (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c
index 1d29376072da..0f6463b6692b 100644
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -85,8 +85,8 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
 	/* No match - see if the root certificate has a signer amongst the
 	 * trusted keys.
 	 */
-	if (last && last->authority) {
-		key = x509_request_asymmetric_key(trust_keyring, last->authority,
+	if (last && last->akid_skid) {
+		key = x509_request_asymmetric_key(trust_keyring, last->akid_skid,
 						  false);
 		if (!IS_ERR(key)) {
 			x509 = last;
author	David Howells <dhowells@redhat.com>	2015-07-20 21:16:26 +0100
committer	David Howells <dhowells@redhat.com>	2015-08-07 16:26:13 +0100
commit	b92e6570a992c7d793a209db282f68159368201c (patch)
tree	37f9f533b4d28508fca8c1f6c1229c0182d47acc /crypto/asymmetric_keys/pkcs7_trust.c
parent	c05cae9a58dca6dcbc6e66b228a9589c6b60880c (diff)