version 1.32, 2015/06/24 23:47:23 |
version 1.33, 2015/07/03 03:43:18 |
|
|
if (!sshkey_is_cert(key)) |
if (!sshkey_is_cert(key)) |
return ssh_krl_revoke_key_sha1(krl, key); |
return ssh_krl_revoke_key_sha1(krl, key); |
|
|
if (sshkey_cert_is_legacy(key) || key->cert->serial == 0) { |
if (key->cert->serial == 0) { |
return ssh_krl_revoke_cert_by_key_id(krl, |
return ssh_krl_revoke_cert_by_key_id(krl, |
key->cert->signature_key, |
key->cert->signature_key, |
key->cert->key_id); |
key->cert->key_id); |
|
|
} |
} |
|
|
/* |
/* |
* Legacy cert formats lack serial numbers. Zero serials numbers |
* Zero serials numbers are ignored (it's the default when the |
* are ignored (it's the default when the CA doesn't specify one). |
* CA doesn't specify one). |
*/ |
*/ |
if (sshkey_cert_is_legacy(key) || key->cert->serial == 0) |
if (key->cert->serial == 0) |
return 0; |
return 0; |
|
|
memset(&rs, 0, sizeof(rs)); |
memset(&rs, 0, sizeof(rs)); |