pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkg_install-renovation]: pkgsrc/pkgtools/pkg_install/files/lib Use X5...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/cc01cb0c14d0
branches:  pkg_install-renovation
changeset: 541562:cc01cb0c14d0
user:      joerg <joerg%pkgsrc.org@localhost>
date:      Fri Jul 18 18:40:50 2008 +0000

description:
Use X509_check_ca to determine if this is a CA key.
This has the side effect of actually setting ex_xkusage.

diffstat:

 pkgtools/pkg_install/files/lib/pkcs7.c |  11 +++++++----
 1 files changed, 7 insertions(+), 4 deletions(-)

diffs (42 lines):

diff -r 17fba4beee7c -r cc01cb0c14d0 pkgtools/pkg_install/files/lib/pkcs7.c
--- a/pkgtools/pkg_install/files/lib/pkcs7.c    Sat Jul 05 17:26:39 2008 +0000
+++ b/pkgtools/pkg_install/files/lib/pkcs7.c    Fri Jul 18 18:40:50 2008 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pkcs7.c,v 1.1.2.3 2008/07/05 17:26:40 joerg Exp $      */
+/*     $NetBSD: pkcs7.c,v 1.1.2.4 2008/07/18 18:40:50 joerg Exp $      */
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -7,7 +7,7 @@
 #include <sys/cdefs.h>
 #endif
 
-__RCSID("$NetBSD: pkcs7.c,v 1.1.2.3 2008/07/05 17:26:40 joerg Exp $");
+__RCSID("$NetBSD: pkcs7.c,v 1.1.2.4 2008/07/18 18:40:50 joerg Exp $");
 
 /*-
  * Copyright (c) 2004, 2008 The NetBSD Foundation, Inc.
@@ -157,7 +157,8 @@
        }
 
        for (i = 0; i < sk_X509_num(signers); i++) {
-               if (sk_X509_value(signers, i)->ex_flags & EXFLAG_CA) {
+               /* Check CA state and update ex_xkusage as side effect */
+               if (X509_check_ca(sk_X509_value(signers, i))) {
                        warnx("CA keys are not valid for signatures");
                        goto cleanup;
                }
@@ -238,10 +239,12 @@
        }
        certificate = sk_X509_value(c, 0);
 
-       if (certificate->ex_flags & EXFLAG_CA) {
+       /* Check CA state and update ex_xkusage as side effect */
+       if (X509_check_ca(certificate)) {
                warnx("CA keys are not valid for signatures");
                goto cleanup;
        }
+
        if (certificate->ex_xkusage != XKU_CODE_SIGN) {
                warnx("Certificate must have CODE SIGNING property");
                goto cleanup;



Home | Main Index | Thread Index | Old Index