Re: PKCS#7: Verify internal certificate chain

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:

>    193			if (x509->issuer)
>                             ^^^^^^^^^^^^
> Check.
> 
>    194				pr_debug("- issuer %s\n", x509->issuer);

Actually, x509->subject and x509->issuer are mandatory in the ASN.1 definition
and point to empty strings if there's no name material we can use, so the
check is superfluous.

>    199			    (x509->subject &&

This check too.

However, I probably should check that x509->subject is not an empty string.

>    238                  pr_debug("- issuer %s\n", p->subject);
>                                     ^^^^^^
> Also this looks like it should be "subject" instead of "issuer" but
> maybe they are the same?

This is the subject attribute of issuing certificate (that p points to), not
the issuing attribute of the subject certificate (that x509 points to).

Note this is a debugging line.  x509->issuer was printed by a pr_debug()
several lines above.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux