- djm@cvs.openbsd.org 2013/01/25 10:22:19
[krl.c]
redo last commit without the vi-vomit that snuck in:
skip serial lookup when cert's serial number is zero
(now with 100% better comment)
diff --git a/ChangeLog b/ChangeLog
index 4f8fe97..428a93d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,11 @@
[krl.c]
Revert last. Breaks due to likely typo. Let djm@ fix later.
ok djm@ via dlg@
+ - djm@cvs.openbsd.org 2013/01/25 10:22:19
+ [krl.c]
+ redo last commit without the vi-vomit that snuck in:
+ skip serial lookup when cert's serial number is zero
+ (now with 100% better comment)
20130211
- (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
diff --git a/krl.c b/krl.c
index 6d86c20..e4e1788 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $OpenBSD: krl.c,v 1.7 2013/01/25 05:00:27 krw Exp $ */
+/* $OpenBSD: krl.c,v 1.8 2013/01/25 10:22:19 djm Exp $ */
#include "includes.h"
@@ -1148,8 +1148,11 @@
return -1;
}
- /* Legacy cert formats lack serial numbers */
- if (key_cert_is_legacy(key))
+ /*
+ * Legacy cert formats lack serial numbers. Zero serials numbers
+ * are ignored (it's the default when the CA doesn't specify one).
+ */
+ if (key_cert_is_legacy(key) || key->cert->serial == 0)
return 0;
bzero(&rs, sizeof(rs));
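Review bot: The new comment above the `key->cert->serial == 0` test has a typo ("serials numbers") and leaves out the revocation consequence. A certificate issued without a serial can never match a serial or serial-range entry in the KRL, so it can only be caught by the lookups that run before this point (presumably key ID or explicit key; they are outside the hunk). I would word it `Legacy cert formats lack serial numbers. Zero serial numbers are ignored (zero is the default when the CA doesn't specify one), so such certs cannot be revoked by serial.` The test also dereferences `key->cert`, so it relies on an earlier is-a-certificate check that is not visible here. The enclosing function starts and ends outside the hunk.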