Provide a more flexible PKCS#11 search of trust store certificatestmp-pkcs11-lax-search

This addresses the problem where the CA certificate doesn't have a subject key identifier whereas the end certificates have an authority key identifier. Resolves #569 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-09-20 16:44:51 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-09-21 13:09:40 +0200
commit: 39a6de929c1a6baa2b7914bfa89275b3ee4db0e2 (patch)
tree: 71e1700c0e74282dec4e6cb6eda439a48890da6e /lib/x509/common.h
parent: cc54c334f8a1f77a03d4e26ed6ac9a3f132a463f (diff)
download: gnutls-39a6de929c1a6baa2b7914bfa89275b3ee4db0e2.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/x509/common.h b/lib/x509/common.h
index 637121c2ee..2ff979380f 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -236,7 +236,8 @@ _gnutls_check_if_same_key2(gnutls_x509_crt_t cert1,
 
 unsigned
 _gnutls_check_valid_key_id(gnutls_datum_t *key_id,
-			   gnutls_x509_crt_t cert, time_t now);
+			   gnutls_x509_crt_t cert, time_t now,
+			   unsigned *has_ski);
 
 unsigned _gnutls_check_key_purpose(gnutls_x509_crt_t cert, const char *purpose, unsigned no_any);
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-09-20 16:44:51 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-09-21 13:09:40 +0200
commit	39a6de929c1a6baa2b7914bfa89275b3ee4db0e2 (patch)
tree	71e1700c0e74282dec4e6cb6eda439a48890da6e /lib/x509/common.h
parent	cc54c334f8a1f77a03d4e26ed6ac9a3f132a463f (diff)
download	gnutls-39a6de929c1a6baa2b7914bfa89275b3ee4db0e2.tar.gz