pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkg_install-renovation]: pkgsrc/pkgtools/pkg_install/files/lib Use X5...
details: https://anonhg.NetBSD.org/pkgsrc/rev/cc01cb0c14d0
branches: pkg_install-renovation
changeset: 541562:cc01cb0c14d0
user: joerg <joerg%pkgsrc.org@localhost>
date: Fri Jul 18 18:40:50 2008 +0000
description:
Use X509_check_ca to determine if this is a CA key.
This has the side effect of actually setting ex_xkusage.
diffstat:
pkgtools/pkg_install/files/lib/pkcs7.c | 11 +++++++----
1 files changed, 7 insertions(+), 4 deletions(-)
diffs (42 lines):
diff -r 17fba4beee7c -r cc01cb0c14d0 pkgtools/pkg_install/files/lib/pkcs7.c
--- a/pkgtools/pkg_install/files/lib/pkcs7.c Sat Jul 05 17:26:39 2008 +0000
+++ b/pkgtools/pkg_install/files/lib/pkcs7.c Fri Jul 18 18:40:50 2008 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pkcs7.c,v 1.1.2.3 2008/07/05 17:26:40 joerg Exp $ */
+/* $NetBSD: pkcs7.c,v 1.1.2.4 2008/07/18 18:40:50 joerg Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
#endif
@@ -7,7 +7,7 @@
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: pkcs7.c,v 1.1.2.3 2008/07/05 17:26:40 joerg Exp $");
+__RCSID("$NetBSD: pkcs7.c,v 1.1.2.4 2008/07/18 18:40:50 joerg Exp $");
/*-
* Copyright (c) 2004, 2008 The NetBSD Foundation, Inc.
@@ -157,7 +157,8 @@
}
for (i = 0; i < sk_X509_num(signers); i++) {
- if (sk_X509_value(signers, i)->ex_flags & EXFLAG_CA) {
+ /* Check CA state and update ex_xkusage as side effect */
+ if (X509_check_ca(sk_X509_value(signers, i))) {
warnx("CA keys are not valid for signatures");
goto cleanup;
}
@@ -238,10 +239,12 @@
}
certificate = sk_X509_value(c, 0);
- if (certificate->ex_flags & EXFLAG_CA) {
+ /* Check CA state and update ex_xkusage as side effect */
+ if (X509_check_ca(certificate)) {
warnx("CA keys are not valid for signatures");
goto cleanup;
}
+
if (certificate->ex_xkusage != XKU_CODE_SIGN) {
warnx("Certificate must have CODE SIGNING property");
goto cleanup;
Home |
Main Index |
Thread Index |
Old Index