Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
genprotimg: support
Armonk
in IBM signing key subject
New IBM signing certificates will have 'Armonk' as locality in the subject. Make sure that certificate revocations lists (CRL) with 'Poughkeepsie' as issuer locality are still considered as valid as long as they are signed with the IBM signing keys private key. In addition, drop the check for 'issuer(HKD) == subject(HKSK)' as it doesn't improve security. While at it, remove now unused functions and fix a memory leak of @akid in `check_crl_issuer`. Reviewed-by: Christoph Schlameuss <schlameuss@linux.ibm.com> Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com> Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
- Loading branch information
1 parent
1a3d0b7
commit d14e759
Showing
3 changed files
with
104 additions
and
110 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters