feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2686 from ejohnstown/crl-skid

Browse Source 
Check name hash after matching AKID for CRL
This commit is contained in:
toddouska
2019-12-18 13:48:59 -08:00
committed by GitHub
parent 573d045437 6c6d72e4d6
commit 0057eb16f8
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
wolfcrypt/src/asn.c
View File

@@ -16189,10 +16189,16 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
if experiencing issues uncomment NO_SKID define in CRL section of if experiencing issues uncomment NO_SKID define in CRL section of
wolfssl/wolfcrypt/settings.h */ wolfssl/wolfcrypt/settings.h */
#ifndef NO_SKID #ifndef NO_SKID
if (dcrl->extAuthKeyIdSet) if (dcrl->extAuthKeyIdSet) {
ca = GetCA(cm, dcrl->extAuthKeyId); /* more unique than issuerHash */ ca = GetCA(cm, dcrl->extAuthKeyId); /* more unique than issuerHash */
if (ca == NULL) }
if (ca != NULL && XMEMCMP(dcrl->issuerHash, ca->subjectNameHash,
KEYID_SIZE) != 0) {
ca = NULL;
}
if (ca == NULL) {
ca = GetCAByName(cm, dcrl->issuerHash); /* last resort */ ca = GetCAByName(cm, dcrl->issuerHash); /* last resort */
}
#else #else
ca = GetCA(cm, dcrl->issuerHash); ca = GetCA(cm, dcrl->issuerHash);
#endif /* !NO_SKID */ #endif /* !NO_SKID */