X.509: Extract both parts of the AuthorityKeyIdentifier

Extract both parts of the AuthorityKeyIdentifier, not just the keyIdentifier, as the second part can be used to match X.509 certificates by issuer and serialNumber. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Vivek Goyal <vgoyal@redhat.com>
author: David Howells <dhowells@redhat.com> 2015-07-20 21:16:26 +0100
committer: David Howells <dhowells@redhat.com> 2015-08-07 16:26:13 +0100
commit: b92e6570a992c7d793a209db282f68159368201c (patch)
tree: 37f9f533b4d28508fca8c1f6c1229c0182d47acc /crypto/asymmetric_keys/x509_parser.h
parent: c05cae9a58dca6dcbc6e66b228a9589c6b60880c (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
index 3dfe6b5d6f0b..dcdb5c94f514 100644
--- a/crypto/asymmetric_keys/x509_parser.h
+++ b/crypto/asymmetric_keys/x509_parser.h
@@ -19,9 +19,10 @@ struct x509_certificate {
 	struct public_key_signature sig;	/* Signature parameters */
 	char		*issuer;		/* Name of certificate issuer */
 	char		*subject;		/* Name of certificate subject */
-	struct asymmetric_key_id *id;		/* Serial number + issuer */
+	struct asymmetric_key_id *id;		/* Issuer + Serial number */
 	struct asymmetric_key_id *skid;		/* Subject + subjectKeyId (optional) */
-	struct asymmetric_key_id *authority;	/* Authority key identifier (optional) */
+	struct asymmetric_key_id *akid_id;	/* CA AuthKeyId matching ->id (optional) */
+	struct asymmetric_key_id *akid_skid;	/* CA AuthKeyId matching ->skid (optional) */
 	struct tm	valid_from;
 	struct tm	valid_to;
 	const void	*tbs;			/* Signed data */
author	David Howells <dhowells@redhat.com>	2015-07-20 21:16:26 +0100
committer	David Howells <dhowells@redhat.com>	2015-08-07 16:26:13 +0100
commit	b92e6570a992c7d793a209db282f68159368201c (patch)
tree	37f9f533b4d28508fca8c1f6c1229c0182d47acc /crypto/asymmetric_keys/x509_parser.h
parent	c05cae9a58dca6dcbc6e66b228a9589c6b60880c (diff)