X.509: Extract both parts of the AuthorityKeyIdentifier Extract both parts of the AuthorityKeyIdentifier, not just the keyIdentifier, as the second part can be used to match X.509 certificates by issuer and serialNumber. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Vivek Goyal <vgoyal@redhat.com>

commit: b92e6570a992c7d793a209db282f68159368201c [log] [tgz]
author: David Howells <dhowells@redhat.com> Mon Jul 20 21:16:26 2015 +0100
committer: David Howells <dhowells@redhat.com> Fri Aug 07 16:26:13 2015 +0100
tree: 37f9f533b4d28508fca8c1f6c1229c0182d47acc
parent: c05cae9a58dca6dcbc6e66b228a9589c6b60880c [diff] [blame]
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
index 3dfe6b5..dcdb5c9 100644
--- a/crypto/asymmetric_keys/x509_parser.h
+++ b/crypto/asymmetric_keys/x509_parser.h

@@ -19,9 +19,10 @@
 	struct public_key_signature sig;	/* Signature parameters */
 	char		*issuer;		/* Name of certificate issuer */
 	char		*subject;		/* Name of certificate subject */
-	struct asymmetric_key_id *id;		/* Serial number + issuer */
+	struct asymmetric_key_id *id;		/* Issuer + Serial number */
 	struct asymmetric_key_id *skid;		/* Subject + subjectKeyId (optional) */
-	struct asymmetric_key_id *authority;	/* Authority key identifier (optional) */
+	struct asymmetric_key_id *akid_id;	/* CA AuthKeyId matching ->id (optional) */
+	struct asymmetric_key_id *akid_skid;	/* CA AuthKeyId matching ->skid (optional) */
 	struct tm	valid_from;
 	struct tm	valid_to;
 	const void	*tbs;			/* Signed data */
commit	b92e6570a992c7d793a209db282f68159368201c	[log] [tgz]
author	David Howells <dhowells@redhat.com>	Mon Jul 20 21:16:26 2015 +0100
committer	David Howells <dhowells@redhat.com>	Fri Aug 07 16:26:13 2015 +0100
tree	37f9f533b4d28508fca8c1f6c1229c0182d47acc
parent	c05cae9a58dca6dcbc6e66b228a9589c6b60880c [diff] [blame]