From d1fb007090813ce348a2d439f12fa347a8d5010c Mon Sep 17 00:00:00 2001
From: David Hook <dgh@cryptoworkshop.com>
Date: Wed, 12 Jan 2022 15:02:59 +1100
Subject: [PATCH] added back support for subject key identifier check where
 serial number is not provided.

---
 .../java/org/bouncycastle/x509/PKIXCertPathReviewer.java  | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java b/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java
index 58a07d6c7..a78e97735 100644
--- a/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java
+++ b/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java
@@ -2492,6 +2492,14 @@ protected Collection getTrustAnchors(X509Certificate cert, Set trustanchors) thr
                 {
                     certSelectX509.setSerialNumber(authID.getAuthorityCertSerialNumber());
                 }
+                else
+                {
+                    byte[] keyID = authID.getKeyIdentifier();
+                    if (keyID != null)
+                    {
+                        certSelectX509.setSubjectKeyIdentifier(new DEROctetString(keyID).getEncoded());
+                    }
+                }
             }
         }
         catch (IOException ex)
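Review bot: The key-identifier fallback in the new `else` branch turns the AKI keyIdentifier into a hard selector criterion, and `X509CertSelector` does not match a certificate that lacks a SubjectKeyIdentifier extension or carries a different value, so a trust anchor without that extension would now be skipped even if it chains by name and signature. The identifier comes from the certificate under review and is only a lookup hint; whether the selected anchor's key is later checked against the signature is not visible here, since `getTrustAnchors` starts and ends outside the hunk. I would document that at the branch, e.g. `// keyIdentifier only narrows the candidate anchors; trust still depends on verifying the signature with the anchor's key`, and add a regression test for an AKI that has a keyIdentifier but no serial number, since the commit changes only this file.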
-- 
2.34.1