- djm@cvs.openbsd.org 2013/01/18 03:00:32

[krl.c]
     fix KRL generation bug for list sections
This commit is contained in:
Damien Miller 2013-01-18 15:32:03 +11:00
parent ebafebda85
commit 13f5f768bc
2 changed files with 5 additions and 3 deletions

View File

@ -8,10 +8,12 @@
a single bit of incremental cost to revoke a certificate by serial number.
KRLs are loaded via the existing RevokedKeys sshd_config option.
feedback and ok markus@
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2013/01/18 00:45:29
[regress/Makefile regress/cert-userkey.sh regress/krl.sh]
Tests for Key Revocation Lists (KRLs)
- djm@cvs.openbsd.org 2013/01/18 03:00:32
[krl.c]
fix KRL generation bug for list sections
20130117
- (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]

4
krl.c
View File

@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $OpenBSD: krl.c,v 1.2 2013/01/18 00:24:58 djm Exp $ */
/* $OpenBSD: krl.c,v 1.3 2013/01/18 03:00:32 djm Exp $ */
#include "includes.h"
@ -595,7 +595,7 @@ revoked_certs_generate(struct revoked_certs *rc, Buffer *buf)
/* Perform section-specific processing */
switch (state) {
case KRL_SECTION_CERT_SERIAL_LIST:
for (i = rs->lo; i < contig; i++)
for (i = 0; i < contig; i++)
buffer_put_int64(&sect, rs->lo + i);
break;
case KRL_SECTION_CERT_SERIAL_RANGE: