diff --git a/ChangeLog b/ChangeLog index a45d24b29..6be8cd468 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,10 +8,12 @@ a single bit of incremental cost to revoke a certificate by serial number. KRLs are loaded via the existing RevokedKeys sshd_config option. feedback and ok markus@ - - OpenBSD CVS Sync - djm@cvs.openbsd.org 2013/01/18 00:45:29 [regress/Makefile regress/cert-userkey.sh regress/krl.sh] Tests for Key Revocation Lists (KRLs) + - djm@cvs.openbsd.org 2013/01/18 03:00:32 + [krl.c] + fix KRL generation bug for list sections 20130117 - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] diff --git a/krl.c b/krl.c index 485057029..ca2010a77 100644 --- a/krl.c +++ b/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.2 2013/01/18 00:24:58 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.3 2013/01/18 03:00:32 djm Exp $ */ #include "includes.h" @@ -595,7 +595,7 @@ revoked_certs_generate(struct revoked_certs *rc, Buffer *buf) /* Perform section-specific processing */ switch (state) { case KRL_SECTION_CERT_SERIAL_LIST: - for (i = rs->lo; i < contig; i++) + for (i = 0; i < contig; i++) buffer_put_int64(§, rs->lo + i); break; case KRL_SECTION_CERT_SERIAL_RANGE: