Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / c28fc62d789d860c75e23a9fa9fb250eb2beca57^! / . / krl.c
commitc28fc62d789d860c75e23a9fa9fb250eb2beca57[log] [tgz]
authordjm@openbsd.org <djm@openbsd.org>Fri Jul 03 03:43:18 2015 +0000
committerDamien Miller <djm@mindrot.org>Wed Jul 15 15:35:09 2015 +1000
tree9b540db8aed167256bb61cd9df90dbedb31cc79d
parent564d63e1b4a9637a209d42a9d49646781fc9caef [diff] [blame]
upstream commit

delete support for legacy v00 certificates; "sure"
 markus@ dtucker@

Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f

diff --git a/krl.c b/krl.c
index a98252e..4075df8 100644
--- a/krl.c
+++ b/krl.c

@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.c,v 1.32 2015/06/24 23:47:23 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.33 2015/07/03 03:43:18 djm Exp $ */
 
 #include "includes.h"
 
@@ -429,7 +429,7 @@
 	if (!sshkey_is_cert(key))
 		return ssh_krl_revoke_key_sha1(krl, key);
 
-	if (sshkey_cert_is_legacy(key) || key->cert->serial == 0) {
+	if (key->cert->serial == 0) {
 		return ssh_krl_revoke_cert_by_key_id(krl,
 		    key->cert->signature_key,
 		    key->cert->key_id);
@@ -1180,10 +1180,10 @@
 	}
 
 	/*
-	 * Legacy cert formats lack serial numbers. Zero serials numbers
-	 * are ignored (it's the default when the CA doesn't specify one).
+	 * Zero serials numbers are ignored (it's the default when the
+	 * CA doesn't specify one).
 	 */
-	if (sshkey_cert_is_legacy(key) || key->cert->serial == 0)
+	if (key->cert->serial == 0)
 		return 0;
 
 	memset(&rs, 0, sizeof(rs));