[hipl-commit] [trunk] Rev 4421: Reenable check that a certificate actually belongs to the subject.

  • From: Diego Biurrun <diego@xxxxxxxxxx>
  • To: hipl-commit@xxxxxxxxxxxxx
  • Date: Wed, 28 Apr 2010 14:30:21 +0300

Committer: Diego Biurrun <diego@xxxxxxxxxx>
Date: 28/04/2010 at 14:30:21
Revision: 4421
Revision-id: diego@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Branch nick: trunk

Log:
  Reenable check that a certificate actually belongs to the subject.

Modified:
  M  firewall/pisa.c

=== modified file 'firewall/pisa.c'
--- firewall/pisa.c     2010-04-26 19:43:52 +0000
+++ firewall/pisa.c     2010-04-28 11:30:01 +0000
@@ -292,10 +292,8 @@
 
     HIP_IFEL(ipv6_addr_cmp(&pc.hit_issuer, &community_operator_hit) != 0,
              -1, "Certificate not issued by the community operator.\n");
-#if 0
     HIP_IFEL(ipv6_addr_cmp(&pc.hit_subject, &hip->hits) != 0, -1,
              "Certificate does not belong to subject.\n");
-#endif
 
     HIP_INFO("Certificate successfully verified.\n");

Other related posts:

  • » [hipl-commit] [trunk] Rev 4421: Reenable check that a certificate actually belongs to the subject. - Diego Biurrun