David Howells bda850cd21 PKCS#7: Make trust determination dependent on contents of trust keyring ...

Make the determination of the trustworthiness of a key dependent on whether
a key that can verify it is present in the supplied ring of trusted keys
rather than whether or not the verifying key has KEY_FLAG_TRUSTED set.

verify_pkcs7_signature() will return -ENOKEY if the PKCS#7 message trust
chain cannot be verified.

Signed-off-by: David Howells <dhowells@redhat.com>

2016-04-06 16:14:24 +01:00

11 KiB

Raw Blame History

View Raw