[PATCH v3 03/10] KEYS: X.509: Parse Basic Constraints for CA

Jarkko Sakkinen jarkko at kernel.org
Wed Jan 4 12:29:02 UTC 2023


On Thu, Dec 15, 2022 at 06:10:04AM -0500, Mimi Zohar wrote:
> > diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
> > index a299c9c56f40..7c5c0ad1c22e 100644
> > --- a/crypto/asymmetric_keys/x509_parser.h
> > +++ b/crypto/asymmetric_keys/x509_parser.h
> > @@ -38,6 +38,7 @@ struct x509_certificate {
> >  	bool		self_signed;		/* T if self-signed (check unsupported_sig too) */
> >  	bool		unsupported_sig;	/* T if signature uses unsupported crypto */
> >  	bool		blacklisted;
> > +	bool		root_ca;		/* T if basic constraints CA is set */
> >  }; 
> 
> The variable "root_ca" should probably be renamed to just "ca", right?

Perhaps is_ca?

BR, Jarkko



More information about the Linux-security-module-archive mailing list