- djm@cvs.openbsd.org 2013/01/25 10:22:19
     [krl.c]
     redo last commit without the vi-vomit that snuck in:
     skip serial lookup when cert's serial number is zero
     (now with 100% better comment)
diff --git a/krl.c b/krl.c
index 6d86c20..e4e1788 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.c,v 1.7 2013/01/25 05:00:27 krw Exp $ */
+/* $OpenBSD: krl.c,v 1.8 2013/01/25 10:22:19 djm Exp $ */
 
 #include "includes.h"
 
@@ -1148,8 +1148,11 @@
 		return -1;
 	}
 
-	/* Legacy cert formats lack serial numbers */
-	if (key_cert_is_legacy(key))
+	/*
+	 * Legacy cert formats lack serial numbers. Zero serials numbers
+	 * are ignored (it's the default when the CA doesn't specify one).
+	 */
+	if (key_cert_is_legacy(key) || key->cert->serial == 0)
 		return 0;
 
 	bzero(&rs, sizeof(rs));
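Review bot: The added `key->cert->serial == 0` test on the early `return 0` means a KRL entry listing serial 0, or a range that starts at 0, can never match, and the new comment does not tell the reader this. Because zero is the default when the CA gives no serial, every certificate issued that way bypasses serial-based revocation and must be caught by whatever checks run earlier in this function; those are outside the hunk, so confirm that key-ID and explicit-key revocation are tested before this return. I would fix the "serials numbers" typo and state the consequence in the comment, e.g. `Zero serial numbers are ignored (the default when the CA doesn't specify one), so such certs cannot be revoked by serial.` The enclosing function starts and ends outside the hunk.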