19 Jul
2011
19 Jul
'11
4:43 p.m.
On 07/19/2011 07:55 AM, Daniel P. Berrange wrote:
Gnutls requires that certificates have basic constraints present to be used as a CA certificate. OpenSSL doesn't add this data by default, so add a sanity check to catch this situation. Also validate that the key usage and key purpose constraints contain correct data
* src/rpc/virnettlscontext.c: Add sanity checking of certificate constraints --- src/rpc/virnettlscontext.c | 132 +++++++++++++++++++++++++++++++++++++++++++- 1 files changed, 130 insertions(+), 2 deletions(-)
ACK. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org