From: "Machin, Glenn D" <GMachin@sandia.gov>
To: "krb5-bugs@mit.edu" <krb5-bugs@mit.edu>
Subject: Bug in src/plugins/preauth/pkinit/pkinit_crypto_openssl.c function load_cas_and_crls
Date: Fri, 4 Dec 2015 13:45:08 +0000
/C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services SSP CA
Hash file 99b3b749.r0
X509v3 Authority Key Identifier:
keyid:D3:CE:E7:5B:89:A7:CD:6C:91:C6:67:36:A9:58:72:09:EC:E2:39:F3
The newer badges have an issuing CA with the same name but a different X509v3 Authority Key Identifier:
/C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services SSP CA
Hash file 99b3b749.r0
X509v3 Authority Key Identifier:
keyid:55:B4:6C:33:3F:E3:60:1A:A7:FF:C3:ED:B4:F7:E4:04:DA:29:D0:63
In pkinit_crypto_openssl.c function load_cas_and_crls()
    for (j = 0; j < size; j++) {
        X509_CRL *x = sk_X509_CRL_value(ca_crls, j);
        flag = X509_CRL_cmp(x, xi->crl);
        if (flag == 0)
            break;
        else
            continue;
    }
    if (flag != 0) {
        pkiDebug("%s: pushing xi->crl onto ca_crl\n", __FUNCTION__);
        sk_X509_CRL_push(ca_crls, X509_CRL_dup(xi->crl));
    }
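
Added example (not part of the original message and not krb5 code): a self-contained C model of the de-duplication loop quoted above, run over the two CRL identities given in the report. The struct and function names are hypothetical; the model assumes the comparison treats two CRLs with the same issuer name as equal, which is how OpenSSL's X509_CRL_cmp() compares CRLs.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a CRL's identity (hypothetical type, not an OpenSSL
 * structure): issuer DN plus the Authority Key Identifier keyid. */
struct crl_id { const char *issuer; const char *akid; };

/* Issuer-name-only comparison, modelling X509_CRL_cmp(). */
static int cmp_issuer_only(const struct crl_id *a, const struct crl_id *b)
{
    return strcmp(a->issuer, b->issuer);
}

/* Stricter comparison: equal only if issuer AND keyid both match. */
static int cmp_issuer_and_akid(const struct crl_id *a, const struct crl_id *b)
{
    int r = strcmp(a->issuer, b->issuer);
    return r != 0 ? r : strcmp(a->akid, b->akid);
}

typedef int (*crl_cmp_fn)(const struct crl_id *, const struct crl_id *);

/* Same shape as the loop in load_cas_and_crls(): keep a CRL only when no
 * already-loaded CRL compares equal. Returns the number of CRLs kept. */
static size_t load_crls(const struct crl_id *in, size_t n,
                        const struct crl_id **out, crl_cmp_fn cmp)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++) {
        int flag = 1;
        for (size_t j = 0; j < kept; j++) {
            flag = cmp(out[j], &in[i]);
            if (flag == 0)
                break;
        }
        if (flag != 0)
            out[kept++] = &in[i];
    }
    return kept;
}

/* The two CRL identities from the report: same issuer name, different keyid. */
#define ISSUER "/C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services SSP CA"
static const struct crl_id sample[2] = {
    { ISSUER, "D3:CE:E7:5B:89:A7:CD:6C:91:C6:67:36:A9:58:72:09:EC:E2:39:F3" },
    { ISSUER, "55:B4:6C:33:3F:E3:60:1A:A7:FF:C3:ED:B4:F7:E4:04:DA:29:D0:63" },
};

size_t kept_with(crl_cmp_fn cmp) { const struct crl_id *out[2]; return load_crls(sample, 2, out, cmp); }

int main(void) { printf("issuer only: %zu, issuer+keyid: %zu\n", kept_with(cmp_issuer_only), kept_with(cmp_issuer_and_akid)); return 0; }
```

With the issuer-only comparison the second CRL is treated as a duplicate and never loaded, so revocations published by the CA with the other key are not seen.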