upstream commit
delete support for legacy v00 certificates; "sure"
markus@ dtucker@
Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
diff --git a/krl.c b/krl.c
index a98252e..4075df8 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $OpenBSD: krl.c,v 1.32 2015/06/24 23:47:23 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.33 2015/07/03 03:43:18 djm Exp $ */
#include "includes.h"
@@ -429,7 +429,7 @@
if (!sshkey_is_cert(key))
return ssh_krl_revoke_key_sha1(krl, key);
- if (sshkey_cert_is_legacy(key) || key->cert->serial == 0) {
+ if (key->cert->serial == 0) {
return ssh_krl_revoke_cert_by_key_id(krl,
key->cert->signature_key,
key->cert->key_id);
@@ -1180,10 +1180,10 @@
}
/*
- * Legacy cert formats lack serial numbers. Zero serials numbers
- * are ignored (it's the default when the CA doesn't specify one).
+ * Zero serials numbers are ignored (it's the default when the
+ * CA doesn't specify one).
*/
- if (sshkey_cert_is_legacy(key) || key->cert->serial == 0)
+ if (key->cert->serial == 0)
return 0;
memset(&rs, 0, sizeof(rs));