subject:"\[PATCH\] X.509\: Fix determination of self\-signedness"

Re: [PATCH] X.509: Fix determination of self-signedness

2015-12-18 Thread Josh Boyer

On Thu, Dec 17, 2015 at 7:03 PM, David Howells wrote: > Fix determination of whether an X.509 certificate is self-signed or not. > > It is currently assumed that a cert is self-signed if has no > authorityKeyIdentifier or the authorityKeyIdentifier matches the >

Re: [PATCH] X.509: Fix determination of self-signedness

2015-12-18 Thread David Howells

Josh Boyer wrote: > Should this also be Cc'd to stable? Argh. Probably. David -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at

[PATCH] X.509: Fix determination of self-signedness

2015-12-17 Thread David Howells

Fix determination of whether an X.509 certificate is self-signed or not. It is currently assumed that a cert is self-signed if has no authorityKeyIdentifier or the authorityKeyIdentifier matches the subjectKeyIdentifier. However, it is possible to encounter a certificate that has neither AKID