Eric Biggers <ebiggers3@xxxxxxxxx> wrote: > The X.509 parser is guaranteed to set cert->sig->pkey_algo and > cert->sig->hash_algo, since x509_note_pkey_algo() is a mandatory action > in the X.509 ASN.1 grammar, and it returns an error code if an > unrecognized AlgorithmIdentifier is given rather than leaving the > algorithms as NULL. I'm leaning towards ENOPKG production here being deferred so that X.509 certs that we can't verify can still be built into the kernel or loaded from 'trusted' sources. Let me think about this a bit more. David