提交 98801c00 编写于 作者: D David Howells

pefile: Validate PKCS#7 trust chain

Validate the PKCS#7 trust chain against the contents of the system keyring.
Signed-off-by: NDavid Howells <dhowells@redhat.com>
Acked-by: NVivek Goyal <vgoyal@redhat.com>
上级 af316fc4
......@@ -449,7 +449,7 @@ int verify_pefile_signature(const void *pebuf, unsigned pelen,
if (ret < 0)
goto error;
ret = -ENOANO; // Not yet complete
ret = pkcs7_validate_trust(pkcs7, trusted_keyring, _trusted);
error:
pkcs7_free_message(ctx.pkcs7);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册
新手
引导
客服 返回
顶部