Blame SOURCES/0008-pesigcheck-Verify-with-the-cert-as-an-object-signer.patch
|
 |
0ac9f2 |
From 2cd211bcc612ad8cb99c778461ca02a9f3e5e44b Mon Sep 17 00:00:00 2001
|
|
|
0ac9f2 |
From: David Michael <david.michael@coreos.com>
|
|
|
0ac9f2 |
Date: Thu, 16 Feb 2017 15:08:30 -0800
|
|
|
0ac9f2 |
Subject: [PATCH 08/29] pesigcheck: Verify with the cert as an object signer
|
|
|
0ac9f2 |
|
|
|
0ac9f2 |
---
|
|
|
0ac9f2 |
src/certdb.c | 2 +-
|
|
|
0ac9f2 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
0ac9f2 |
|
|
|
0ac9f2 |
diff --git a/src/certdb.c b/src/certdb.c
|
|
|
0ac9f2 |
index 2a08042..b7c99bb 100644
|
|
|
0ac9f2 |
--- a/src/certdb.c
|
|
|
0ac9f2 |
+++ b/src/certdb.c
|
|
|
0ac9f2 |
@@ -339,7 +339,7 @@ check_cert(pesigcheck_context *ctx, SECItem *sig, efi_guid_t *sigtype,
|
|
|
0ac9f2 |
}
|
|
|
0ac9f2 |
/* Verify the signature */
|
|
|
0ac9f2 |
result = SEC_PKCS7VerifyDetachedSignatureAtTime(cinfo,
|
|
|
0ac9f2 |
- certUsageSSLServer,
|
|
|
0ac9f2 |
+ certUsageObjectSigner,
|
|
|
0ac9f2 |
digest, HASH_AlgSHA256,
|
|
|
0ac9f2 |
PR_FALSE, atTime);
|
|
|
0ac9f2 |
if (!result) {
|
|
|
0ac9f2 |
--
|
|
|
0ac9f2 |
2.13.4
|
|
|
0ac9f2 |
|