Re: [PATCH] X.509: Add messages for obsolete OIDs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Mimi,

On Wed, Mar 27, 2019 at 03:36:04PM -0400, Mimi Zohar wrote:
> On Fri, 2019-03-22 at 14:27 +0800, Lee, Chun-Yi wrote:
> > We found that the db in Acer machine has self signed certificates
> > (CN=DisablePW or CN=ABO) that they used obsolete OID 1.3.14.3.2.29
> > sha1WithRSASignature and 2.5.29.1 subjectKeyIdentifier. Kernel
> > emits -65 error code when loading those certificates to platform
> > keyring:
> > 
> > [    1.484388] integrity: Loading X.509 certificate: UEFI:MokListRT
> > [    1.485557] integrity: Problem loading X.509 certificate -65
> > [    1.486100] Error adding keys to platform keyring UEFI:MokListRT
> > 
> > Because the -65 error code is not enough for appeasing user when
> > loading a outdated certificate. This patch add messages against
> > 1.3.14.3.2.29 and 2.5.29.1 OIDs.
> > 
> > Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1129471
> > Cc: David Howells <dhowells@xxxxxxxxxx> 
> > Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> 
> > Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
> > Signed-off-by: "Lee, Chun-Yi" <jlee@xxxxxxxx>
> 
> Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>

Thanks for your review!

Joey Lee



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux