sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-05 00:00:45 -04:00
Code Issues Projects Releases Wiki Activity

openssl: Only allow certificates with cRLSign keyUsage to sign CRLs

Browse Source
This commit is contained in:
Tobias Brunner 2023-02-22 17:21:15 +01:00
parent 7d1f221211
commit 01ec54afc9
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libstrongswan/plugins/openssl/openssl_crl.c
View File

@ -303,7 +303,7 @@ METHOD(certificate_t, issued_by, bool,
return FALSE;
}
x509 = (x509_t*)issuer;
if (!(x509->get_flags(x509) & (X509_CA | X509_CRL_SIGN)))
if (!(x509->get_flags(x509) & X509_CRL_SIGN))
{
return FALSE;
}